CVE-2016-7551
Severity CVSS v4.0:
Pending analysis
Type:
CWE-399
Resource Management Errors
Publication date:
17/04/2017
Last modified:
20/04/2025
Description
chain_sip in Asterisk Open Source 11.x before 11.23.1 and 13.x 13.11.1 and Certified Asterisk 11.6 before 11.6-cert15 and 13.8 before 13.8-cert3 allows remote attackers to cause a denial of service (port exhaustion).
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:digium:asterisk:11.0.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:digium:asterisk:11.0.0:beta1:*:*:*:*:*:* | ||
| cpe:2.3:a:digium:asterisk:11.0.0:beta2:*:*:*:*:*:* | ||
| cpe:2.3:a:digium:asterisk:11.0.0:rc1:*:*:*:*:*:* | ||
| cpe:2.3:a:digium:asterisk:11.0.0:rc2:*:*:*:*:*:* | ||
| cpe:2.3:a:digium:asterisk:11.0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:digium:asterisk:11.0.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:digium:asterisk:11.1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:digium:asterisk:11.1.0:rc1:*:*:*:*:*:* | ||
| cpe:2.3:a:digium:asterisk:11.1.0:rc3:*:*:*:*:*:* | ||
| cpe:2.3:a:digium:asterisk:11.1.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:digium:asterisk:11.1.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:digium:asterisk:11.2.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:digium:asterisk:11.2.0:rc1:*:*:*:*:*:* | ||
| cpe:2.3:a:digium:asterisk:11.2.0:rc2:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://downloads.asterisk.org/pub/security/AST-2016-007.html
- http://www.debian.org/security/2016/dsa-3700
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838832
- https://bugzilla.redhat.com/show_bug.cgi?id=1374733
- https://issues.asterisk.org/jira/browse/ASTERISK-26272
- http://downloads.asterisk.org/pub/security/AST-2016-007.html
- http://www.debian.org/security/2016/dsa-3700
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838832
- https://bugzilla.redhat.com/show_bug.cgi?id=1374733
- https://issues.asterisk.org/jira/browse/ASTERISK-26272