{"id":"CVE-2017-9372","details":"PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (buffer overflow and application crash) via a SIP packet with a crafted CSeq header in conjunction with a Via header that lacks a branch parameter.","modified":"2026-04-16T06:23:53.911108515Z","published":"2017-06-02T14:29:00.247Z","references":[{"type":"WEB","url":"http://www.securitytracker.com/id/1038529"},{"type":"ADVISORY","url":"https://bugs.debian.org/863901"},{"type":"ADVISORY","url":"http://downloads.asterisk.org/pub/security/AST-2017-002.txt"},{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3933"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/98572"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/asterisk/asterisk","events":[{"introduced":"0"},{"last_affected":"85335355efb2d7914a1fe20ed31afcef15fd210c"},{"introduced":"0"},{"last_affected":"ff4dbeaf3894d28de5c9e2a718702442acddcb29"},{"introduced":"0"},{"last_affected":"c90ce6f6c254ce6ddc032c64fe3b10e7eeb0a846"},{"introduced":"0"},{"last_affected":"c45c3b55247f5735f16ebfa90b38a93913dfcee6"},{"introduced":"0"},{"last_affected":"5cc6bd8fe6a4ee99ecb05178e30ca35e07ba8e4f"},{"introduced":"0"},{"last_affected":"a254eba1d54a43c012435ee14b7a3d949af9972b"},{"introduced":"0"},{"last_affected":"e3830dec049a6b5316bcd609691df7c2d71ed4b8"},{"introduced":"0"},{"last_affected":"933356d01000d7554810d34457a86e6d629fb026"},{"introduced":"0"},{"last_affected":"63d46b4e7a9b022b2cc8f870c9598afc57111677"},{"introduced":"0"},{"last_affected":"1639644ba71c01a03ceec06da8899b9dad62818c"},{"introduced":"0"},{"last_affected":"59b6e5db769d77f5f2ba41869fbcab0ae6e98696"},{"introduced":"0"},{"last_affected":"a0fb436eda914dca26e96d304d3c9daca2be54de"},{"introduced":"0"},{"last_affected":"f3a578ce98f33b7302fca71066e96ab581aa5167"},{"introduced":"0"},{"last_affected":"4efe7bf05179c25b96c6a0dea401d4847c7737af"},{"introduced":"0"},{"last_affected":"fad0410486b3a47743331f14fcb565b79357887c"},{"introduced":"0"},{"last_affected":"06f5ace1fa80ce0799c6d25954de2236a1f842c8"},{"introduced":"0"},{"last_affected":"45e0392397605b8c8d0d975c63e21dd7b2c951de"},{"introduced":"0"},{"last_affected":"ac0f73694b59317f776ea2f4b8f777327def154e"},{"introduced":"0"},{"last_affected":"cc1106a06ac487e54c8222f30b6cc477d90986e1"},{"introduced":"0"},{"last_affected":"0447d28fbd625334bdac49a8bcb7005e086195f9"},{"introduced":"0"},{"last_affected":"3c4b64351bc44b26fdfbb9101501ad8e485c9e11"},{"introduced":"0"},{"last_affected":"9f083db88b469c4b454a901c6b0e7c3f10dfc8f8"},{"introduced":"0"},{"last_affected":"226a7e36c538de73cee76de4183b1569bd5501e5"},{"introduced":"0"},{"last_affected":"df75b647da03eba6920020bac0cc950032a1e930"},{"introduced":"0"},{"last_affected":"7d7b52c434eb23ef470ad51d08ee4029a7078b78"},{"introduced":"0"},{"last_affected":"ee73af1d88c9ff6db90f70f934f5ea57b8ab0625"},{"introduced":"0"},{"last_affected":"751d43e8e4173386be5455311561dfa819a642d3"},{"introduced":"0"},{"last_affected":"7dbe77d63946ce204611a75d5f79d37f9d624ee1"},{"introduced":"0"},{"last_affected":"552cf009c0939c8b6597708135412bdc596df4bb"},{"introduced":"0"},{"last_affected":"c6d6dd133c3db3b202f1f0d457780c9a6d841e0f"},{"introduced":"0"},{"last_affected":"de9145e0febe6e2c83628821f4906acd89c39515"},{"introduced":"0"},{"last_affected":"9528429f4c9d58516525224b24ff566e189c1398"},{"introduced":"0"},{"last_affected":"bda53c1fe8bc378c64142da595f95605335ea281"},{"introduced":"0"},{"last_affected":"44ae8c24fd5cd4ca1826e75c01cb2d1a16998026"},{"introduced":"0"},{"last_affected":"37cde9225d9526e465698b958a6720d8e33709be"},{"introduced":"0"},{"last_affected":"ff947c4827ea21276e5da166e6b35a4b1d9d5aee"},{"introduced":"0"},{"last_affected":"d6c9df8b03d4d1a4e5e70c057e1c377c0ffadb6e"},{"introduced":"0"},{"last_affected":"be10e65384ecaf320aec5e8a0598db618ec28084"},{"introduced":"0"},{"last_affected":"c5a7c007aa7c1369e48d6db1c1c2f885371c1f51"},{"introduced":"0"},{"last_affected":"4ab2002a77ea606282631f96de73009e7b60d45a"},{"introduced":"0"},{"last_affected":"fdde690e0fa2e58bf45ea2bf83962bb1c261d6e0"},{"introduced":"0"},{"last_affected":"751d43e8e4173386be5455311561dfa819a642d3"},{"introduced":"0"},{"last_affected":"f93e55d124da09eb9929303189c4b925c42ad0bb"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"13.0.0"},{"introduced":"0"},{"last_affected":"13.1.0"},{"introduced":"0"},{"last_affected":"13.1.0-rc1"},{"introduced":"0"},{"last_affected":"13.1.0-rc2"},{"introduced":"0"},{"last_affected":"13.2.0"},{"introduced":"0"},{"last_affected":"13.2.0-rc1"},{"introduced":"0"},{"last_affected":"13.3.0-rc1"},{"introduced":"0"},{"last_affected":"13.4.0"},{"introduced":"0"},{"last_affected":"13.4.0-rc1"},{"introduced":"0"},{"last_affected":"13.5.0"},{"introduced":"0"},{"last_affected":"13.5.0-rc1"},{"introduced":"0"},{"last_affected":"13.6.0-rc1"},{"introduced":"0"},{"last_affected":"13.7.0"},{"introduced":"0"},{"last_affected":"13.7.0-rc1"},{"introduced":"0"},{"last_affected":"13.8.0"},{"introduced":"0"},{"last_affected":"13.8.0-rc1"},{"introduced":"0"},{"last_affected":"13.8.1"},{"introduced":"0"},{"last_affected":"13.8.2"},{"introduced":"0"},{"last_affected":"13.9.0"},{"introduced":"0"},{"last_affected":"13.9.0-rc1"},{"introduced":"0"},{"last_affected":"13.10.0-rc1"},{"introduced":"0"},{"last_affected":"13.11.0-rc1"},{"introduced":"0"},{"last_affected":"13.12.0"},{"introduced":"0"},{"last_affected":"13.12.0-rc1"},{"introduced":"0"},{"last_affected":"13.12.1"},{"introduced":"0"},{"last_affected":"13.12.2"},{"introduced":"0"},{"last_affected":"13.13.0-rc1"},{"introduced":"0"},{"last_affected":"13.14.0-rc1"},{"introduced":"0"},{"last_affected":"13.15.0-rc1"},{"introduced":"0"},{"last_affected":"14.0.0"},{"introduced":"0"},{"last_affected":"14.0.0-beta1"},{"introduced":"0"},{"last_affected":"14.0.0-beta2"},{"introduced":"0"},{"last_affected":"14.0.0-rc1"},{"introduced":"0"},{"last_affected":"14.1.0-rc1"},{"introduced":"0"},{"last_affected":"14.2.0"},{"introduced":"0"},{"last_affected":"14.2.0-rc1"},{"introduced":"0"},{"last_affected":"14.2.0-rc2"},{"introduced":"0"},{"last_affected":"14.2.1"},{"introduced":"0"},{"last_affected":"14.3.0-rc1"},{"introduced":"0"},{"last_affected":"14.4.0-rc1"},{"introduced":"0"},{"last_affected":"13.13.0"},{"introduced":"0"},{"last_affected":"13.13.0-rc1"},{"introduced":"0"},{"last_affected":"13.13.0-rc2"}]}}],"versions":["13.0.0","13.1.0","13.1.0-rc1","13.1.0-rc2","13.10.0-rc1","13.11.0-rc1","13.12.0","13.12.0-rc1","13.12.1","13.12.2","13.13.0","13.13.0-rc1","13.13.0-rc2","13.14.0-rc1","13.15.0-rc1","13.2.0","13.2.0-rc1","13.3.0-rc1","13.4.0","13.4.0-rc1","13.5.0","13.5.0-rc1","13.6.0-rc1","13.7.0","13.7.0-rc1","13.7.0-rc2","13.7.0-rc3","13.8.0","13.8.0-rc1","13.9.0","13.9.0-rc1","13.9.0-rc2","14.0.0","14.0.0-beta1","14.0.0-beta2","14.0.0-rc1","14.0.0-rc2","14.1.0-rc1","14.2.0","14.2.0-rc1","14.2.0-rc2","14.2.1","14.3.0-rc1","14.4.0-rc1","certified/13.8-cert1","certified/13.8-cert1-rc1","certified/13.8-cert1-rc2","certified/13.8-cert1-rc3","certified/13.8-cert2","certified/13.8-cert2-rc1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-9372.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"13.13.0-cert1"}]},{"events":[{"introduced":"0"},{"last_affected":"13.13.0-cert1\\-rc1"}]},{"events":[{"introduced":"0"},{"last_affected":"13.13.0-cert1\\-rc2"}]},{"events":[{"introduced":"0"},{"last_affected":"13.13.0-cert1\\-rc3"}]},{"events":[{"introduced":"0"},{"last_affected":"13.13.0-cert1\\-rc4"}]},{"events":[{"introduced":"0"},{"last_affected":"13.13.0-cert2"}]},{"events":[{"introduced":"0"},{"last_affected":"13.13.0-cert3"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}