Vulnerabilities > CVE-2017-9358 - Infinite Loop vulnerability in multiple products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

sangoma

asterisk

CWE-835

NVD

Published: 2017-06-02

Updated: 2024-11-21

Summary

A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop).

Vulnerable Configurations

Part	Description	Count
Application	Sangoma Sangoma Asterisk 13.0.0 Sangoma Asterisk 13.8.0 Sangoma Asterisk 13.11.0 Sangoma Asterisk 13.12.0 Sangoma Asterisk 13.2.0 Sangoma Asterisk 13.6.0 Sangoma Asterisk 13.1.0 Sangoma Asterisk 13.8.2 Sangoma Asterisk 13.7.0 Sangoma Asterisk 13.8.1 Sangoma Asterisk 13.13.0 Sangoma Asterisk 13.12.1 Sangoma Asterisk 13.9.0 Sangoma Asterisk 13.10.0 Sangoma Asterisk 13.5.0 Sangoma Asterisk 13.15.0 Sangoma Asterisk 13.12.2 Sangoma Asterisk 13.14.0 Sangoma Asterisk 13.4.0 Sangoma Asterisk 13.3.0 Sangoma Asterisk 14.2.0 Sangoma Asterisk 14.0.0 Sangoma Asterisk 14.1.0 Sangoma Asterisk 14.2.1 Sangoma Asterisk 14.4.0 Sangoma Asterisk 14.3.0	40
Application	Asterisk Asterisk Certified Asterisk 13.13.0	10

Common Weakness Enumeration (CWE)

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References