CVE-2017-14603
Description
In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before 14.6.2 and Certified Asterisk 11.x before 11.6-cert18 and 13.x before 13.13-cert6, insufficient RTCP packet validation could allow reading stale buffer contents and when combined with the nat and symmetric_rtp options allow redirecting where Asterisk sends the next RTCP report.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.747
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| asterisk security update(DSA-3990-1) asterisk_11.13.1~dfsg-2+deb8u4_i386.deb | Linux |
| asterisk security update(DSA-3990-1) asterisk_13.14.1~dfsg-2+deb9u1_i386.deb | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234