CVE-2017-16671

Current Description

A Buffer Overflow issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. No size checking is done when setting the user field for Party B on a CDR. Thus, it is possible for someone to use an arbitrarily large string and write past the end of the user field storage buffer. NOTE: this is different from CVE-2017-7617, which was only about the Party A buffer.

Basic Data

Published	November 09, 2017
Last Modified	November 25, 2018
Assigner	cve@mitre.org
Data Type	CVE
Data Format	MITRE
Data Version	4.0
Problem Type	CWE-119
CVE Data Version	4.0

Base Metric V2

CVSS 2 - Version	2.0
CVSS 2 - Vector String	AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS 2 - Access Vector	NETWORK
CVSS 2 - Access Complexity	LOW
CVSS 2 - Authentication	SINGLE
CVSS 2 - Confidentiality Impact	PARTIAL
CVSS 2 - Availability Impact	PARTIAL
CVSS 2 - Base Score	6.5
Severity	MEDIUM
Exploitability Score	8.0
Impact Score	6.4
Obtain All Privilege	false
Obtain User Privilege	false
Obtain Other Privilege	false

Base Metric V3

CVSS 3 - Version	3.0
CVSS 3 - Vector String	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 3 - Attack Vector	NETWORK
CVSS 3 - Attack Complexity	LOW
CVSS 3 - Privileges Required	LOW
CVSS 3 - User Interaction	NONE
CVSS 3 - Scope	UNCHANGED
CVSS 3 - Confidentiality Impact	HIGH
CVSS 3 - Integrity Impact	HIGH
CVSS 3 - Availability Impact	HIGH
CVSS 3 - Base Score	8.8
CVSS 3 - Base Severity	HIGH
Exploitability Score	2.8
Base Severity	HIGH

Configurations

OR - Configuration 1

Cpe Version	Part	Vendor	Product	Version	Update	Edition	Language	SW Edition	Target SW	Target HW	Other	Version Start Including	Version End Excluding
2.3	Application	Digium	Asterisk	*	*	*	*	*	*	*	*	13.0.0	13.18.1
2.3	Application	Digium	Asterisk	*	*	*	*	*	*	*	*	14.0.0	14.7.1
2.3	Application	Digium	Asterisk	*	*	*	*	*	*	*	*	15.0.0	15.1.1

OR - Configuration 2

Cpe Version	Part	Vendor	Product	Version	Update	Edition	Language	SW Edition	Target SW	Target HW	Other
2.3	Application	Digium	Certified Asterisk	13.13.0	*	*	*	*	*	*	*
2.3	Application	Digium	Certified Asterisk	13.13.0	cert1	*	*	*	*	*	*
2.3	Application	Digium	Certified Asterisk	13.13.0	cert1_rc1	*	*	*	*	*	*
2.3	Application	Digium	Certified Asterisk	13.13.0	cert1_rc2	*	*	*	*	*	*
2.3	Application	Digium	Certified Asterisk	13.13.0	cert1_rc3	*	*	*	*	*	*
2.3	Application	Digium	Certified Asterisk	13.13.0	cert1_rc4	*	*	*	*	*	*
2.3	Application	Digium	Certified Asterisk	13.13.0	cert2	*	*	*	*	*	*
2.3	Application	Digium	Certified Asterisk	13.13.0	cert3	*	*	*	*	*	*
2.3	Application	Digium	Certified Asterisk	13.13.0	cert4	*	*	*	*	*	*
2.3	Application	Digium	Certified Asterisk	13.13.0	cert5	*	*	*	*	*	*
2.3	Application	Digium	Certified Asterisk	13.13.0	cert6	*	*	*	*	*	*

Vulnerable Software List

Vendor	Product	Versions
Digium	Certified Asterisk	13.13.0
Digium	Asterisk	*

References

Name	Source	URL	Tags
http://downloads.digium.com/pub/security/AST-2017-010.html	http://downloads.digium.com/pub/security/AST-2017-010.html	CONFIRM	Vendor Advisory
101760	http://www.securityfocus.com/bid/101760	BID	Third Party Advisory VDB Entry
https://issues.asterisk.org/jira/browse/ASTERISK-27337	https://issues.asterisk.org/jira/browse/ASTERISK-27337	CONFIRM	Issue Tracking Vendor Advisory
GLSA-201811-11	https://security.gentoo.org/glsa/201811-11	GENTOO
DSA-4076	https://www.debian.org/security/2017/dsa-4076	DEBIAN