CVE-2017-7617

Metadata

medium
6.5
asterisk
CVE-2017-7617
cve.mitre.org, downloads.asterisk.org, bugs.debian.org, bugs.debian.org
2017-04-10
2017-10-23 14:18
CVE-2017-7617 asterisk
2017-07-20 21:30
2017-06-16 19:22
2017-05-10 23:48
2017-04-14 10:21
2017-04-12 06:03

Description

Remote code execution can occur in Asterisk Open Source 13.x before 13.14.1 and 14.x before 14.3.1 and Certified Asterisk 13.13 before 13.13-cert3 because of a buffer overflow in a CDR user field, related to X-ClientCode in chan_sip, the CDR dialplan function, and the AMI Monitor action.

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.

Sign up for monitoring

Affected package information

Release Package Patched in
artful asterisk None
devel asterisk None
trusty asterisk None
upstream asterisk 1:13.14.1~dfsg-1
xenial asterisk None
zesty asterisk None

Unaffected

Release Package Reason
precise asterisk ignored
precise/esm asterisk DNE
vivid/stable-phone-overlay asterisk DNE
vivid/ubuntu-core asterisk DNE
yakkety asterisk ignored