{"id":"CVE-2017-17664","details":"A Remote Crash issue was discovered in Asterisk Open Source 13.x before 13.18.4, 14.x before 14.7.4, and 15.x before 15.1.4 and Certified Asterisk before 13.13-cert9. Certain compound RTCP packets cause a crash in the RTCP Stack.","modified":"2026-04-10T03:58:01.334635Z","published":"2017-12-13T20:29:00.253Z","references":[{"type":"ADVISORY","url":"https://www.debian.org/security/2017/dsa-4076"},{"type":"ADVISORY","url":"http://downloads.digium.com/pub/security/AST-2017-012.html"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/102201"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1040009"},{"type":"REPORT","url":"https://issues.asterisk.org/jira/browse/ASTERISK-27429"},{"type":"FIX","url":"https://issues.asterisk.org/jira/browse/ASTERISK-27382"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/asterisk/asterisk","events":[{"introduced":"85335355efb2d7914a1fe20ed31afcef15fd210c"},{"fixed":"07c49ec7b8fad91c5b5118775986c9e09a019cc5"},{"introduced":"c6d6dd133c3db3b202f1f0d457780c9a6d841e0f"},{"fixed":"de85b88ac60295becec6de9b0b5eed7860f4fcf7"},{"introduced":"d4cc63728def7ca06ad3f70547de87bc5c9ef7c0"},{"fixed":"037105ead04401d138e966e1bc3c5b740f554d1a"},{"introduced":"0"},{"last_affected":"fdde690e0fa2e58bf45ea2bf83962bb1c261d6e0"},{"introduced":"0"},{"last_affected":"7d9a0a89df7e81b6bc821e92ebdda56e7f865a4b"},{"introduced":"0"},{"last_affected":"33a0d64eab3db2dc863b37ce693f32e7a8fc3202"},{"introduced":"0"},{"last_affected":"92876c1c2a7c361108df6586387a208f67bec1cd"},{"introduced":"0"},{"last_affected":"47febcb9277f71089d4c072145b8e0d1b8338415"},{"introduced":"0"},{"last_affected":"0ef6b6960d1c46b62df9974294392192c1398adf"},{"introduced":"0"},{"last_affected":"c1b521ad109122b09202e0cbf4018495bed6243b"},{"introduced":"0"},{"last_affected":"7e17de3d6634bcfcafe3e688807665e404580475"},{"introduced":"0"},{"last_affected":"f3969e49d194467a3cf5316c6ab6d5d9db2eba41"},{"introduced":"0"},{"last_affected":"c37d4abe63e0a37d659da04e3726ba687d4ef9f2"},{"introduced":"0"},{"last_affected":"1ee2ce8c703dd763d1779a877099640bb5cd46d0"},{"introduced":"0"},{"last_affected":"b8d1c8787e1cb329d294508a7d3f5d13da76216c"},{"introduced":"0"},{"last_affected":"3a76c2b0a9a51a0b80eaa8fea25ce728eb7db031"}],"database_specific":{"versions":[{"introduced":"13.0.0"},{"fixed":"13.18.4"},{"introduced":"14.0.0"},{"fixed":"14.7.4"},{"introduced":"15.0.0"},{"fixed":"15.1.4"},{"introduced":"0"},{"last_affected":"13.13"},{"introduced":"0"},{"last_affected":"13.13-cert1"},{"introduced":"0"},{"last_affected":"13.13-cert1_rc1"},{"introduced":"0"},{"last_affected":"13.13-cert1_rc2"},{"introduced":"0"},{"last_affected":"13.13-cert1_rc3"},{"introduced":"0"},{"last_affected":"13.13-cert1_rc4"},{"introduced":"0"},{"last_affected":"13.13-cert2"},{"introduced":"0"},{"last_affected":"13.13-cert3"},{"introduced":"0"},{"last_affected":"13.13-cert4"},{"introduced":"0"},{"last_affected":"13.13-cert5"},{"introduced":"0"},{"last_affected":"13.13-cert6"},{"introduced":"0"},{"last_affected":"13.13-cert7"},{"introduced":"0"},{"last_affected":"13.13-cert8"}]}}],"versions":["13.13.0","13.13.0-rc1","13.13.0-rc2","13.18.0","13.18.0-rc1","13.18.0-rc2","14.7.0","14.7.0-rc1","14.7.0-rc2","14.7.1","14.7.2","14.7.3","15.1.0","15.1.0-rc1","15.1.0-rc2","15.1.1","15.1.2","15.1.3","certified/13.13-cert1","certified/13.13-cert1-rc1","certified/13.13-cert1-rc2","certified/13.13-cert1-rc3","certified/13.13-cert1-rc4","certified/13.13-cert2","certified/13.13-cert3","certified/13.13-cert4","certified/13.13-cert5","certified/13.13-cert6","certified/13.13-cert7","certified/13.13-cert8","certified/13.18-cert1","certified/13.18-cert1-rc1","certified/13.18-cert1-rc2","certified/13.18-cert1-rc3","certified/13.18-cert2","certified/13.18-cert3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-17664.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}