CVE-2017-11521

Name: CVE-2017-11521
Description: The SdpContents::Session::Medium::parse function in resip/stack/SdpContents.cxx in reSIProcate 1.10.2 allows remote attackers to cause a denial of service (memory consumption) by triggering many media connections.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
References: DLA-1040-1
NVD severity: medium (attack range: remote)
Debian Bugs: 869404

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| resiprocate (PTS) | wheezy | 1.8.5-4 | vulnerable |
| | wheezy (security) | 1.8.5-4+deb7u1 | fixed |
| | jessie | 1:1.9.7-5 | vulnerable |
| | stretch | 1:1.11.0~beta1-3 | vulnerable |
| | sid | 1:1.11.0~beta5-1 | vulnerable |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| resiprocate | source | (unstable) | (unfixed) | low | | 869404 |
| resiprocate | source | wheezy | 1.8.5-4+deb7u1 | medium | DLA-1040-1 | |

Notes

[stretch] - resiprocate <no-dsa> (Minor issue)
[jessie] - resiprocate <no-dsa> (Minor issue)
https://github.com/resiprocate/resiprocate/pull/88
https://github.com/resiprocate/resiprocate/pull/88/commits/4b8ffa5afd3291a2701f8d39c31ada443f79a5c8
