Medium severity5.9NVD Advisory· Published Dec 13, 2017· Updated May 13, 2026

CVE-2017-17664

Description

A Remote Crash issue was discovered in Asterisk Open Source 13.x before 13.18.4, 14.x before 14.7.4, and 15.x before 15.1.4 and Certified Asterisk before 13.13-cert9. Certain compound RTCP packets cause a crash in the RTCP Stack.

Affected products

Digium/Asterisk
cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*
Range: >=13.0.0,<13.18.4
Digium/Certified Asterisk12 versions
cpe:2.3:a:digium:certified_asterisk:*:*:*:*:*:*:*:*+ 11 more
- cpe:2.3:a:digium:certified_asterisk:*:*:*:*:*:*:*:*range: <=13.13
- cpe:2.3:a:digium:certified_asterisk:13.13:cert1:*:*:*:*:*:*
- cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc1:*:*:*:*:*:*
- cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc2:*:*:*:*:*:*
- cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc3:*:*:*:*:*:*
- cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc4:*:*:*:*:*:*
- cpe:2.3:a:digium:certified_asterisk:13.13:cert2:*:*:*:*:*:*
- cpe:2.3:a:digium:certified_asterisk:13.13:cert3:*:*:*:*:*:*
- cpe:2.3:a:digium:certified_asterisk:13.13:cert4:*:*:*:*:*:*
- cpe:2.3:a:digium:certified_asterisk:13.13:cert5:*:*:*:*:*:*
- cpe:2.3:a:digium:certified_asterisk:13.13:cert6:*:*:*:*:*:*
- cpe:2.3:a:digium:certified_asterisk:13.13:cert7:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

issues.asterisk.org/jira/browse/ASTERISK-27382nvdIssue TrackingPatchVendor Advisory
downloads.digium.com/pub/security/AST-2017-012.htmlnvdVendor Advisory
www.securityfocus.com/bid/102201nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1040009nvdThird Party AdvisoryVDB Entry
issues.asterisk.org/jira/browse/ASTERISK-27429nvdIssue TrackingVendor Advisory
www.debian.org/security/2017/dsa-4076nvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.384
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000