CVE-2012-1184

Name of the Vulnerable Software and Affected Versions Asterisk versions 1.8.x through 1.8.10.0 Asterisk versions 10.x through 10.2.0

Description The issue is related to a stack-based buffer overflow in the ast parse digest function, which can be triggered by a long string in an HTTP Digest Authentication header. This can cause a denial of service (crash) or possibly allow remote attackers to execute arbitrary code.

Recommendations For Asterisk versions 1.8.x through 1.8.10.0, update to version 1.8.10.1 or later. For Asterisk versions 10.x through 10.2.0, update to version 10.2.1 or later.