Bug 640992 (CVE-2017-17664)

Summary:	net-misc/asterisk: Remote crash vulnerability in RTCP stack (DoS) (CVE-2017-17664)
Product:	Gentoo Security	Reporter:	D'juan McDonald (domhnall) <flopwiki>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	minor	CC:	chainsaw
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	http://downloads.asterisk.org/pub/security/AST-2017-012.html
Whiteboard:	B3 [noglsa]
Package list:		Runtime testing required:	---

Description D'juan McDonald (domhnall) 2017-12-14 09:12:02 UTC

CVE-2017-17664(https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17664):

A Remote Crash issue was discovered in Asterisk Open Source 13.x before 13.18.4, 14.x before 14.7.4, and 15.x before 15.1.4 and Certified Asterisk before 13.13-cert9. Certain compound RTCP packets cause a crash in the RTCP Stack.

@maintainer(s): current ~arch version in tree: 13.17.2. After bump, please call for stabilization when ready, thank you.



Gentoo Security Padawan
(Jmbailey/mbailey_j)

Comment 1 GLSAMaker/CVETool Bot gentoo-dev

2018-01-25 15:35:46 UTC

CVE-2017-17664 (https://nvd.nist.gov/vuln/detail/CVE-2017-17664):
  A Remote Crash issue was discovered in Asterisk Open Source 13.x before
  13.18.4, 14.x before 14.7.4, and 15.x before 15.1.4 and Certified Asterisk
  before 13.13-cert9. Certain compound RTCP packets cause a crash in the RTCP
  Stack.

Comment 2 D'juan McDonald (domhnall) 2018-09-14 04:36:19 UTC

Tree cleaned via commit f26d9302 on  23 Mar 2018.