CVE-2012-2948

Name of the Vulnerable Software and Affected Versions Asterisk Open Source versions 1.8.x through 1.8.12.0 Asterisk Open Source versions 10.x through 10.4.0 Certified Asterisk versions 1.8.11-cert through 1.8.11-cert1

Description The issue allows remote authenticated users to cause a denial of service, resulting in a NULL pointer dereference and daemon crash, by closing a connection in off-hook mode. This is due to a problem in the chan skinny.c file within the Skinny channel driver.

Recommendations For Asterisk Open Source versions 1.8.x through 1.8.12.0, update to version 1.8.12.1 or later. For Asterisk Open Source versions 10.x through 10.4.0, update to version 10.4.1 or later. For Certified Asterisk versions 1.8.11-cert through 1.8.11-cert1, update to version 1.8.11-cert2 or later.