AST-2017-004: Memory exhaustion on short SCCP packets

               Asterisk Project Security Advisory - AST-2017-004

Product Asterisk
Summary Memory exhaustion on short SCCP packets
Nature of Advisory Denial of Service
Susceptibility Remote Unauthenticated Sessions
Severity Critical
Exploits Known No
Reported On April 13, 2017
Reported By Sandro Gauci
Posted On
Last Updated On April 13, 2017
Advisory Contact George Joseph <gjoseph AT digium DOT com>
CVE Name

Description A remote memory exhaustion can be triggered by sending an
SCCP packet to Asterisk system with “chan_skinny†enabled
that is larger than the length of the SCCP header but
smaller than the packet length specified in the header. The
loop that reads the rest of the packet doesn’t detect that
the call to read() returned end-of-file before the expected
number of bytes and continues infinitely. The “partial
data†message logging in that tight loop causes Asterisk to
exhaust all available memory.

Resolution If support for the SCCP protocol is not required, remove or
disable the module.

If support for SCCP is required, an upgrade to Asterisk will
be necessary.

Affected Versions
Product Release Series
Asterisk Open Source 11.x Unaffected
Asterisk Open Source 13.x All versions
Asterisk Open Source 14.x All versions
Certified Asterisk 13.13 All versions

Corrected In
Product Release
Asterisk Open Source 13.15.1, 14.4.1
Certified Asterisk 13.13-cert4

SVN URL Revision


Asterisk Project Security Advisories are posted at

This document may be superseded by later versions; if so, the latest
version will be posted at

Revision History
Date Editor Revisions Made
13 April 2017 George Joseph Initial report created

Asterisk Project Security Advisory -
Copyright © 2017 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its
original, unaltered form.

Commenti (0) Trackback (0)

Spiacenti, il modulo dei commenti è chiuso per ora.

Ancora nessun trackback.