Candidate: CVE-2017-16672
PublicDate: 2017-11-09 00:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16672
 http://downloads.digium.com/pub/security/AST-2017-011.html
 http://downloads.asterisk.org/pub/security/AST-2017-011-13.diff
 https://issues.asterisk.org/jira/browse/ASTERISK-27345
Description:
 An issue was discovered in Asterisk Open Source 13 before 13.18.1, 14
 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before
 13.13-cert7. A memory leak occurs when an Asterisk pjsip session object is
 created and that call gets rejected before the session itself is fully
 established. When this happens the session object never gets destroyed.
 Eventually Asterisk can run out of memory and crash.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881256
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H [5.9 MEDIUM]


Patches_asterisk:
 upstream: http://downloads.asterisk.org/pub/security/AST-2017-011-13.diff
upstream_asterisk: released (1:13.18.1~dfsg-1)
precise/esm_asterisk: DNE
trusty_asterisk: ignored (reached end-of-life)
trusty/esm_asterisk: DNE (trusty was needs-triage)
xenial_asterisk: ignored (end of standard support, was needed)
zesty_asterisk: ignored (reached end-of-life)
artful_asterisk: ignored (reached end-of-life)
bionic_asterisk: not-affected (1:13.18.3~dfsg-1ubuntu4)
cosmic_asterisk: not-affected (1:13.18.3~dfsg-1ubuntu4)
disco_asterisk: not-affected (1:13.18.3~dfsg-1ubuntu4)
eoan_asterisk: not-affected (1:13.18.3~dfsg-1ubuntu4)
focal_asterisk: not-affected (1:13.18.3~dfsg-1ubuntu4)
groovy_asterisk: not-affected (1:13.18.3~dfsg-1ubuntu4)
hirsute_asterisk: not-affected (1:13.18.3~dfsg-1ubuntu4)
impish_asterisk: not-affected (1:13.18.3~dfsg-1ubuntu4)
jammy_asterisk: not-affected (1:13.18.3~dfsg-1ubuntu4)
devel_asterisk: not-affected (1:13.18.3~dfsg-1ubuntu4)