640992 – (CVE-2017-17664) net-misc/asterisk: Remote crash vulnerability in RTCP stack (DoS) (CVE-2017-17664)

Bug 640992 (CVE-2017-17664) - net-misc/asterisk: Remote crash vulnerability in RTCP stack (DoS) (CVE-2017-17664)

Summary: net-misc/asterisk: Remote crash vulnerability in RTCP stack (DoS) (CVE-2017-1...

Status:	RESOLVED FIXED

Alias:	CVE-2017-17664

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor (vote)
Assignee:	Gentoo Security

URL:	http://downloads.asterisk.org/pub/sec...
Whiteboard:	B3 [noglsa]
Keywords:

Depends on:
Blocks:

Reported:	2017-12-14 09:12 UTC by D'juan McDonald (domhnall)
Modified:	2018-09-14 04:36 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description D'juan McDonald (domhnall) 2017-12-14 09:12:02 UTC

CVE-2017-17664(https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17664):

A Remote Crash issue was discovered in Asterisk Open Source 13.x before 13.18.4, 14.x before 14.7.4, and 15.x before 15.1.4 and Certified Asterisk before 13.13-cert9. Certain compound RTCP packets cause a crash in the RTCP Stack.

@maintainer(s): current ~arch version in tree: 13.17.2. After bump, please call for stabilization when ready, thank you.



Gentoo Security Padawan
(Jmbailey/mbailey_j)

Comment 1 GLSAMaker/CVETool Bot gentoo-dev

2018-01-25 15:35:46 UTC

CVE-2017-17664 (https://nvd.nist.gov/vuln/detail/CVE-2017-17664):
  A Remote Crash issue was discovered in Asterisk Open Source 13.x before
  13.18.4, 14.x before 14.7.4, and 15.x before 15.1.4 and Certified Asterisk
  before 13.13-cert9. Certain compound RTCP packets cause a crash in the RTCP
  Stack.

Comment 2 D'juan McDonald (domhnall) 2018-09-14 04:36:19 UTC

Tree cleaned via commit f26d9302 on  23 Mar 2018.