Home > Vulnerability Database > CVE-2017-9358

Mend.io Vulnerability Database

CVE-2017-9358

Date: June 2, 2017

A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop).

Severity Score

7.5

Related Resources (8)

Url: http://www.securitytracker.com/id/1038531

Url: http://www.securityfocus.com/bid/98573

Url: https://bugs.debian.org/863906

Url: https://nvd.nist.gov/vuln/detail/CVE-2017-9358

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2017-9358

Url: https://security-tracker.debian.org/tracker/CVE-2017-9358

Url: http://downloads.asterisk.org/pub/security/AST-2017-004.txt

Url: https://www.mend.io/vulnerability-database/CVE-2017-9358

Severity Score

7.5

Weakness Type (CWE)

Loop with Unreachable Exit Condition ('Infinite Loop')

CWE-835

CVSS v3

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2017-9358

Date: June 2, 2017

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

CVSS v3

CVSS v2

Do you need more information?