High severity7.5NVD Advisory· Published Dec 27, 2017· Updated May 13, 2026

CVE-2017-17850

Description

An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and the PJSIP channel driver was used, Asterisk would crash. The severity of this vulnerability is somewhat mitigated if authentication is enabled. If authentication is enabled, a user would have to first be authorized before reaching the crash point.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

downloads.asterisk.org/pub/security/AST-2017-014.htmlnvdVendor Advisory
www.securitytracker.com/id/1040056nvdThird Party AdvisoryVDB Entry
issues.asterisk.org/jira/browse/ASTERISK-27480nvdIssue TrackingVendor Advisory
security.gentoo.org/glsa/201811-11nvd

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.024
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000