CVE-2017-17090
HIGHAsterisk Open Source <15.1.2 - DoS
Title source: llmDescription
An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. If the chan_skinny (aka SCCP protocol) channel driver is flooded with certain requests, it can cause the asterisk process to use excessive amounts of virtual memory, eventually causing asterisk to stop processing requests of any kind.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Juan Sacco · pythondosmultiple
https://www.exploit-db.com/exploits/43992
References (7)
Scores
CVSS v3
7.5
EPSS
0.8058
EPSS Percentile
99.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-459
Status
published
Products (3)
digium/asterisk
< 13.8.2
digium/certified_asterisk
13.13 cert1 (11 CPE variants)
digium/certified_asterisk
< 13.13
Published
Dec 02, 2017
Tracked Since
Feb 18, 2026