| Title | Asterisk Open Source および Certified Asterisk におけるリソース管理に関する脆弱性 |
|---|---|
| Summary | Asterisk Open Source および Certified Asterisk には、リソース管理に関する脆弱性が存在します。 |
| Possible impacts | サービス運用妨害 (DoS) 状態にされる可能性があります。 |
| Solution | ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。 |
| Publication Date | Dec. 1, 2017, midnight |
| Registration Date | Jan. 10, 2018, 11:40 a.m. |
| Last Update | Jan. 10, 2018, 11:40 a.m. |
| CVSS3.0 : 重要 | |
| Score | 7.5 |
|---|---|
| Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| CVSS2.0 : 警告 | |
| Score | 5 |
|---|---|
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| Digium |
| Asterisk 13.18.2 およびそれ以前 |
| Asterisk 14.7.2 およびそれ以前 |
| Asterisk 15.1.2 およびそれ以前 |
| Certified Asterisk 13.13-cert7 およびそれ以前 |
| No | Changed Details | Date of change |
|---|---|---|
| 0 | [2018年01月10日] 掲載 |
Feb. 17, 2018, 10:37 a.m. |
| Summary | An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. If the chan_skinny (aka SCCP protocol) channel driver is flooded with certain requests, it can cause the asterisk process to use excessive amounts of virtual memory, eventually causing asterisk to stop processing requests of any kind. |
|---|---|
| Publication Date | Dec. 2, 2017, 9:29 a.m. |
| Registration Date | Jan. 26, 2021, 1:19 p.m. |
| Last Update | Nov. 21, 2024, 12:17 p.m. |
| Configuration1 | or higher | or less | more than | less than | |
| cpe:2.3:a:digium:certified_asterisk:13.13:cert1:*:*:*:*:*:* | |||||
| cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc1:*:*:*:*:*:* | |||||
| cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc4:*:*:*:*:*:* | |||||
| cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc3:*:*:*:*:*:* | |||||
| cpe:2.3:a:digium:certified_asterisk:13.13:cert2:*:*:*:*:*:* | |||||
| cpe:2.3:a:digium:certified_asterisk:13.13:cert3:*:*:*:*:*:* | |||||
| cpe:2.3:a:digium:certified_asterisk:13.13:cert4:*:*:*:*:*:* | |||||
| cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc2:*:*:*:*:*:* | |||||
| cpe:2.3:a:digium:certified_asterisk:13.13:cert5:*:*:*:*:*:* | |||||
| cpe:2.3:a:digium:certified_asterisk:13.13:cert6:*:*:*:*:*:* | |||||
| cpe:2.3:a:digium:certified_asterisk:13.13:cert7:*:*:*:*:*:* | |||||
| cpe:2.3:a:digium:certified_asterisk:*:*:*:*:*:*:*:* | 13.13 | ||||
| Configuration2 | or higher | or less | more than | less than | |
| cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:* | 13.8.2 | ||||
| Configuration3 | or higher | or less | more than | less than | |
| cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:* | 14.7.2 | ||||
| Configuration4 | or higher | or less | more than | less than | |
| cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:* | 15.1.2 | ||||