{"id":"CVE-2017-17090","details":"An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. If the chan_skinny (aka SCCP protocol) channel driver is flooded with certain requests, it can cause the asterisk process to use excessive amounts of virtual memory, eventually causing asterisk to stop processing requests of any kind.","modified":"2026-04-10T03:57:54.142529Z","published":"2017-12-02T00:29:00.247Z","references":[{"type":"WEB","url":"https://www.exploit-db.com/exploits/43992/"},{"type":"WEB","url":"http://www.securitytracker.com/id/1039948"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2017/12/msg00028.html"},{"type":"ADVISORY","url":"http://downloads.digium.com/pub/security/AST-2017-013.html"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/102023"},{"type":"ADVISORY","url":"https://www.debian.org/security/2017/dsa-4076"},{"type":"REPORT","url":"https://issues.asterisk.org/jira/browse/ASTERISK-27452"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/asterisk/asterisk","events":[{"introduced":"0"},{"last_affected":"fdde690e0fa2e58bf45ea2bf83962bb1c261d6e0"},{"introduced":"0"},{"last_affected":"7d9a0a89df7e81b6bc821e92ebdda56e7f865a4b"},{"introduced":"0"},{"last_affected":"33a0d64eab3db2dc863b37ce693f32e7a8fc3202"},{"introduced":"0"},{"last_affected":"92876c1c2a7c361108df6586387a208f67bec1cd"},{"introduced":"0"},{"last_affected":"47febcb9277f71089d4c072145b8e0d1b8338415"},{"introduced":"0"},{"last_affected":"0ef6b6960d1c46b62df9974294392192c1398adf"},{"introduced":"0"},{"last_affected":"c1b521ad109122b09202e0cbf4018495bed6243b"},{"introduced":"0"},{"last_affected":"7e17de3d6634bcfcafe3e688807665e404580475"},{"introduced":"0"},{"last_affected":"f3969e49d194467a3cf5316c6ab6d5d9db2eba41"},{"introduced":"0"},{"last_affected":"c37d4abe63e0a37d659da04e3726ba687d4ef9f2"},{"introduced":"0"},{"last_affected":"1ee2ce8c703dd763d1779a877099640bb5cd46d0"},{"introduced":"0"},{"last_affected":"b8d1c8787e1cb329d294508a7d3f5d13da76216c"},{"introduced":"0"},{"last_affected":"ac0f73694b59317f776ea2f4b8f777327def154e"},{"introduced":"0"},{"last_affected":"f9c41879a75183f205f4af0ed5613dcf1c25e996"},{"introduced":"0"},{"last_affected":"fecd5b4d912c3a682279bd888341e0f038a40e4e"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"13.13"},{"introduced":"0"},{"last_affected":"13.13-cert1"},{"introduced":"0"},{"last_affected":"13.13-cert1_rc1"},{"introduced":"0"},{"last_affected":"13.13-cert1_rc2"},{"introduced":"0"},{"last_affected":"13.13-cert1_rc3"},{"introduced":"0"},{"last_affected":"13.13-cert1_rc4"},{"introduced":"0"},{"last_affected":"13.13-cert2"},{"introduced":"0"},{"last_affected":"13.13-cert3"},{"introduced":"0"},{"last_affected":"13.13-cert4"},{"introduced":"0"},{"last_affected":"13.13-cert5"},{"introduced":"0"},{"last_affected":"13.13-cert6"},{"introduced":"0"},{"last_affected":"13.13-cert7"},{"introduced":"0"},{"last_affected":"13.8.2"},{"introduced":"0"},{"last_affected":"14.7.2"},{"introduced":"0"},{"last_affected":"15.1.2"}]}}],"versions":["13.13.0","13.13.0-rc1","13.13.0-rc2","13.8.0","13.8.0-rc1","14.7.0","14.7.0-rc1","14.7.0-rc2","14.7.1","14.7.2","15.1.0","15.1.0-rc1","15.1.0-rc2","15.1.1","15.1.2","certified/13.13-cert1","certified/13.13-cert1-rc1","certified/13.13-cert1-rc2","certified/13.13-cert1-rc3","certified/13.13-cert1-rc4","certified/13.13-cert2","certified/13.13-cert3","certified/13.13-cert4","certified/13.13-cert5","certified/13.13-cert6","certified/13.13-cert7","certified/13.8-cert1","certified/13.8-cert1-rc1","certified/13.8-cert1-rc2","certified/13.8-cert1-rc3","certified/13.8-cert2","certified/13.8-cert2-rc1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-17090.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}