CVE-2012-2416

Asterisk Open Source <1.8.11.1 & 10.x <10.3.1 - DoS

Title source: llm
STIX 2.1

Description

chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.11.1 and 10.x before 10.3.1 and Asterisk Business Edition C.3.x before C.3.7.4, when the trustrpid option is enabled, allows remote authenticated users to cause a denial of service (daemon crash) by sending a SIP UPDATE message that triggers a connected-line update attempt without an associated channel.

References (8)

Core 8
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/81456
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/53205
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1026963
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/75101
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079759.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/48891
Patch, Vendor Advisory x_refsource_confirm
http://downloads.asterisk.org/pub/security/AST-2012-006.html

Scores

EPSS 0.0219
EPSS Percentile 80.3%

Details

CWE
CWE-119
Status published
Products (22)
asterisk/open_source 1.6.2.0 (8 CPE variants)
asterisk/open_source 1.6.2.1 (2 CPE variants)
asterisk/open_source 1.6.2.2
asterisk/open_source 1.6.2.3 rc2
asterisk/open_source 1.6.2.4
asterisk/open_source 1.6.2.5
asterisk/open_source 1.6.2.6 (3 CPE variants)
asterisk/open_source 1.6.2.7 (4 CPE variants)
asterisk/open_source 1.6.2.8 (2 CPE variants)
asterisk/open_source 1.6.2.9 (4 CPE variants)
... and 12 more
Published Apr 30, 2012
Tracked Since Feb 18, 2026