VIR Vulnerability Intelligence Relay

CVE-2017-9372

high
Published 2017-06-02 ยท Modified 2026-05-13
๐Ÿ’ฌ Discuss on Community โœš Propose mitigation
CVSS v3
7.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS v4 NEW
โ€”
not yet in upstream
VIR risk
7.5

Description

PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (buffer overflow and application crash) via a SIP packet with a crafted CSeq header in conjunction with a Via header that lacks a branch parameter.

Predictions

Exploit likelihood
83%
Patch ETA
โ€”

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ€” if you've already worked around this in production โ€” publish your fix to the community-verified tier.

โœš Propose a mitigation on Community โ†’ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

Application impact
VendorProductVersionsFixed
digiumopen_source13.0.0
digiumopen_source13.1.0
digiumopen_source13.2.0
digiumopen_source13.3.0
digiumopen_source13.4.0
digiumopen_source13.5.0
digiumopen_source13.6.0
digiumopen_source13.7.0
digiumopen_source13.8.0
digiumopen_source13.8.1
digiumopen_source13.8.2
digiumopen_source13.9.0
digiumopen_source13.10.0
digiumopen_source13.11.0
digiumopen_source13.12.0
digiumopen_source13.12.1
digiumopen_source13.12.2
digiumopen_source13.13.0
digiumopen_source13.14.0
digiumopen_source13.15.0
digiumopen_source14.0.0
digiumopen_source14.1.0
digiumopen_source14.2.0
digiumopen_source14.2.1
digiumopen_source14.3.0
digiumopen_source14.4.0
digiumcertified_asterisk13.13.0

References

CWEs

CWE-119

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.