Vulnerabilities > Digium > Open Source > 13.8.0

DATE CVE VULNERABILITY TITLE RISK
2017-06-02 CVE-2017-9372 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Digium Certified Asterisk and Open Source
PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (buffer overflow and application crash) via a SIP packet with a crafted CSeq header in conjunction with a Via header that lacks a branch parameter.
network
low complexity
digium CWE-119
5.0
5.0
2017-06-02 CVE-2017-9359 Out-of-bounds Read vulnerability in Digium Certified Asterisk and Open Source
The multi-part body parser in PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.
network
low complexity
digium CWE-125
5.0
5.0