CVE-2017-7617 asterisk

Metadata

medium
6.5
asterisk
CVE-2017-7617
2017-06-18 07:51
CVE-2017-7617
2017-06-16 19:22
2017-04-19 05:03
2017-04-12 05:03
2017-04-10 17:03
2017-04-10 16:03
2017-04-10 14:03

Description

Remote code execution can occur in Asterisk Open Source 13.x before 13.14.1 and 14.x before 14.3.1 and Certified Asterisk 13.13 before 13.13-cert3 because of a buffer overflow in a CDR user field, related to X-ClientCode in chan_sip, the CDR dialplan function, and the AMI Monitor action.

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.

Sign up for monitoring

Affected package information

Release Package Patched in
buster asterisk 1:13.14.1~dfsg-1
sid asterisk 1:13.14.1~dfsg-1
stretch asterisk 1:13.14.1~dfsg-1

Unaffected

Release Package Reason
jessie asterisk
wheezy asterisk