VYPR
High severity7.5OSV Advisory· Published Dec 27, 2017· Updated Jun 17, 2026

CVE-2017-17850

CVE-2017-17850

Description

An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and the PJSIP channel driver was used, Asterisk would crash. The severity of this vulnerability is somewhat mitigated if authentication is enabled. If authentication is enabled, a user would have to first be authorized before reaching the crash point.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

7
  • Digium/AsteriskOSV2 versions
    13.1.0, 13.1.0-rc1, 13.1.0-rc2, …+ 1 more
    • (no CPE)range: 13.1.0, 13.1.0-rc1, 13.1.0-rc2, …
    • cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*range: >=13.0.0,<=13.18.4
  • cpe:2.3:a:digium:certified_asterisk:13.1.0:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:digium:certified_asterisk:13.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:digium:certified_asterisk:13.1.0:rc1:*:*:*:*:*:*
    • cpe:2.3:a:digium:certified_asterisk:13.1.0:rc2:*:*:*:*:*:*
    • cpe:2.3:a:digium:certified_asterisk:13.8:cert1:*:*:*:*:*:*
  • Range: <=13.18.4, <=14.7.4, <=15.1.4, <=13.18-cert1

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.