CVE-2012-2415

Asterisk Open Source <10.3.1 - DoS

Title source: llm
STIX 2.1

Description

Heap-based buffer overflow in chan_skinny.c in the Skinny channel driver in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 allows remote authenticated users to cause a denial of service or possibly have unspecified other impact via a series of KEYPAD_BUTTON_MESSAGE events.

References (9)

Core 9
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/81455
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2012/dsa-2460
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/75102
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/48941
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1026962
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/53210
Patch, Vendor Advisory x_refsource_confirm
http://downloads.asterisk.org/pub/security/AST-2012-005.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079759.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/48891

Scores

EPSS 0.0272
EPSS Percentile 84.3%

Details

CWE
CWE-119
Status published
Products (22)
asterisk/open_source 1.6.2.0 (8 CPE variants)
asterisk/open_source 1.6.2.1 (2 CPE variants)
asterisk/open_source 1.6.2.2
asterisk/open_source 1.6.2.3 rc2
asterisk/open_source 1.6.2.4
asterisk/open_source 1.6.2.5
asterisk/open_source 1.6.2.6 (3 CPE variants)
asterisk/open_source 1.6.2.7 (4 CPE variants)
asterisk/open_source 1.6.2.8 (2 CPE variants)
asterisk/open_source 1.6.2.9 (4 CPE variants)
... and 12 more
Published Apr 30, 2012
Tracked Since Feb 18, 2026