2017-11-09 01:29:00 2018-11-25 12:29:00

A Buffer Overflow issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. No size checking is done when setting the user field for Party B on a CDR. Thus, it is possible for someone to use an arbitrarily large string and write past the end of the user field storage buffer. NOTE: this is different from CVE-2017-7617, which was only about the Party A buffer.

Vector

NETWORK

Complexity

LOW

Authentication

SINGLE_INSTANCE

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL
Digium Asterisk 14.0.0 Rc2 (not an official CPE) Digium Asterisk 14.0.1 (not an official CPE) Digium Asterisk 14.0.0 Rc1 (not an official CPE) Digium Asterisk 14.0.0 Beta2 (not an official CPE) Digium Asterisk 14.0.0 Beta1 (not an official CPE) Digium Asterisk 14.0.0 (not an official CPE) Digium Asterisk 13.17.0 Rc1 (not an official CPE) Digium Asterisk 13.17.0 (not an official CPE) Digium Asterisk 13.16.0 Rc2 (not an official CPE) Digium Asterisk 13.16.0 Rc1 (not an official CPE) Digium Asterisk 13.16.0 (not an official CPE) Digium Asterisk 13.15.1 (not an official CPE) Digium Asterisk 13.15.0 Rc3 (not an official CPE) Digium Asterisk 13.15.0 Rc2 (not an official CPE) Digium Asterisk 13.15.0 Rc1 (not an official CPE) Digium Asterisk 13.15.0 (not an official CPE) Digium Asterisk 13.14.1 (not an official CPE) Digium Asterisk 13.14.0 Rc2 (not an official CPE) Digium Asterisk 13.14.0 Rc1 (not an official CPE) Digium Asterisk 13.14.0 (not an official CPE) Digium Asterisk 13.13.1 (not an official CPE) Digium Asterisk 13.13.0 (not an official CPE) Digium Asterisk 13.13 (not an official CPE) Digium Asterisk 13.12.2 (not an official CPE) Digium Asterisk 13.12.1 (not an official CPE) Digium Asterisk 13.12.0 (not an official CPE) Digium Asterisk 13.12 (not an official CPE) Digium Asterisk 13.11.2 (not an official CPE) Digium Asterisk 13.11.1 (not an official CPE) Digium Asterisk 13.11.0 (not an official CPE) Digium Asterisk 13.10.0 Rc1 (not an official CPE) Digium Asterisk 13.10.0 (not an official CPE) Digium Asterisk 13.9.1 (not an official CPE) Digium Asterisk 13.9.0 (not an official CPE) Digium Asterisk 13.8.2 (not an official CPE) Digium Asterisk 13.8.1 (not an official CPE) Digium Asterisk 13.8.0 Rc1 (not an official CPE) Digium Asterisk 13.8.0 (not an official CPE) Digium Asterisk 13.7.2 (not an official CPE) Digium Asterisk 13.7.1 (not an official CPE) Digium Asterisk 13.7.0 Rc2 (not an official CPE) Digium Asterisk 13.7.0 Rc1 (not an official CPE) Digium Asterisk 13.6.0 Rc1 (not an official CPE) Digium Asterisk 13.5.0 Rc1 (not an official CPE) Digium Asterisk 13.5.0 (not an official CPE) Digium Asterisk 13.4.0 Rc1 (not an official CPE) Digium Asterisk 13.4.0 (not an official CPE) Digium Asterisk 13.3.2 (not an official CPE) Digium Asterisk 13.3.0 Rc1 (not an official CPE) Digium Asterisk 13.2.1 (not an official CPE) Digium Asterisk 13.2.0 release candidate 1 Digium Asterisk 13.2.0 Digium Asterisk 13.1.1 (not an official CPE) Digium Asterisk 13.1.0 release candidate 2 Digium Asterisk 13.1.0 release candidate 1 Digium Asterisk 13.1.0 Digium Asterisk 13.0.2 (not an official CPE) Digium Asterisk 13.0.1 Digium Asterisk 13.0.0 Beta3 (not an official CPE) Digium Asterisk 13.0.0 Beta2 (not an official CPE) Digium Asterisk 13.0.0 Beta1 (not an official CPE) Digium Asterisk 13.0.0 LTS Digium Asterisk 14.0.2 (not an official CPE) Digium Asterisk 14.01 (not an official CPE) Digium Asterisk 14.1.0 (not an official CPE) Digium Asterisk 14.1.1 (not an official CPE) Digium Asterisk 14.1.2 (not an official CPE) Digium Asterisk 14.02 (not an official CPE) Digium Asterisk 14.2.0 (not an official CPE) Digium Asterisk 14.2.1 (not an official CPE) Digium Asterisk 14.3.0 (not an official CPE) Digium Asterisk 14.3.0 Rc1 (not an official CPE) Digium Asterisk 14.3.0 Rc2 (not an official CPE) Digium Asterisk 14.3.1 (not an official CPE) Digium Asterisk 14.4.0 (not an official CPE) Digium Asterisk 14.4.0 Rc1 (not an official CPE) Digium Asterisk 14.4.0 Rc2 (not an official CPE) Digium Asterisk 14.4.0 Rc3 (not an official CPE) Digium Asterisk 14.4.1 (not an official CPE) Digium Asterisk 14.5.0 (not an official CPE) Digium Asterisk 14.5.0 Rc1 (not an official CPE) Digium Asterisk 14.5.0 Rc2 (not an official CPE) Digium Asterisk 14.6.0 (not an official CPE) Digium Asterisk 14.6.0 Rc1 (not an official CPE) Digium Certified asterisk 13.13.0 (not an official CPE) Digium Certified asterisk 13.13.0 Cert1 (not an official CPE) Digium Certified asterisk 13.13.0 Cert1 rc1 (not an official CPE) Digium Certified asterisk 13.13.0 Cert1 rc2 (not an official CPE) Digium Certified asterisk 13.13.0 Cert1 rc3 (not an official CPE) Digium Certified asterisk 13.13.0 Cert1 rc4 (not an official CPE) Digium Certified asterisk 13.13.0 Cert2 (not an official CPE) Digium Certified asterisk 13.13.0 Cert3 (not an official CPE) Digium Certified asterisk 13.13.0 Cert4 (not an official CPE) Digium Certified asterisk 13.13.0 Cert5 (not an official CPE) Digium Certified asterisk 13.13.0 Cert6 (not an official CPE)