Bug 1525795 - CVE-2017-17664 asterisk: Mishandled compound RTCP packets in res/res_rtp_asterisk.c can allow remote attackers to cause a crash or write arbitrary data
Keywords:
Status: CLOSED DUPLICATE of bug 1525689
Alias: None
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1525796
Blocks:
Reported: 2017-12-14 04:49 UTC by Sam Fowler
Modified: 2019-09-29 14:28 UTC (History)

Fixed In Version: asterisk 13.18.4, asterisk 14.7.4, asterisk 15.1.4
Clone Of:
Environment:
Last Closed: 2017-12-18 20:42:42 UTC
Embargoed:



Description Sam Fowler 2017-12-14 04:49:06 UTC
Certain compound RTCP packets are mishandled in Asterisk Open Source res/res_rtp_asterisk.c, which can lead to a crash or allow remote attackers to write arbitrary data. Affected versions include 13.x before 13.18.4, 14.x before 14.7.4, and 15.x before 15.1.4, and Certified Asterisk before 13.13-cert9.

References:
https://nvd.nist.gov/vuln/detail/CVE-2017-17664
http://downloads.asterisk.org/pub/security/AST-2017-012.html
https://issues.asterisk.org/jira/secure/attachment/56394/AST-2017-012-13.diff
https://issues.asterisk.org/jira/browse/ASTERISK-27429
https://issues.asterisk.org/jira/browse/ASTERISK-27382

Comment 1 Sam Fowler 2017-12-14 04:49:29 UTC
Created asterisk tracking bugs for this issue:

Affects: fedora-all [bug 1525796]

Comment 2 Pedro Sampaio 2017-12-18 20:42:42 UTC

*** This bug has been marked as a duplicate of bug 1525689 ***

