Description
Heap-based buffer overflow in chan_skinny.c in the Skinny channel driver in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 allows remote authenticated users to cause a denial of service or possibly have unspecified other impact via a series of KEYPAD_BUTTON_MESSAGE events.
References (9)
Core 9
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/81455
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2012/dsa-2460
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/75102
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/48941
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1026962
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/53210
Patch, Vendor Advisory x_refsource_confirm
http://downloads.asterisk.org/pub/security/AST-2012-005.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079759.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/48891
Scores
EPSS
0.0272
EPSS Percentile
84.3%
Details
CWE
CWE-119
Status
published
Products (22)
asterisk/open_source
1.6.2.0 (8 CPE variants)
asterisk/open_source
1.6.2.1 (2 CPE variants)
asterisk/open_source
1.6.2.2
asterisk/open_source
1.6.2.3 rc2
asterisk/open_source
1.6.2.4
asterisk/open_source
1.6.2.5
asterisk/open_source
1.6.2.6 (3 CPE variants)
asterisk/open_source
1.6.2.7 (4 CPE variants)
asterisk/open_source
1.6.2.8 (2 CPE variants)
asterisk/open_source
1.6.2.9 (4 CPE variants)
... and 12 more
Published
Apr 30, 2012
Tracked Since
Feb 18, 2026