Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-9r8k-em1c-rbep
Vulnerability ID VCID-9r8k-em1c-rbep
Aliases CVE-2017-17850
Summary An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and the PJSIP channel driver was used, Asterisk would crash. The severity of this vulnerability is somewhat mitigated if authentication is enabled. If authentication is enabled, a user would have to first be authorized before reaching the crash point.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.29958 https://api.first.org/data/v1/epss?cve=CVE-2017-17850
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2017-17850
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17850
885072 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885072
GLSA-201811-11 https://security.gentoo.org/glsa/201811-11
No exploits are available.
There are no known vectors.
Exploit Prediction Scoring System (EPSS)
Percentile 0.96736
EPSS Score 0.29958
Published At May 29, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-29T13:43:00.990673+00:00 Debian Oval Importer Import https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0