Nicolas Bouliane

Researcher fromAvencall Security Labs
#52281of 53,633
4Total CVSS
Vulnerabilities · 1
PT-2012-5015
4.0
2012-07-09
Digium · Asterisk Digiumphones · CVE-2012-3812
**Name of the Vulnerable Software and Affected Versions** Asterisk Open Source versions 1.8.x through 1.8.13.0 Asterisk Open Source version 10.x through 10.5.1 Certified Asterisk versions 1.8.11-certx through 1.8.11-cert3 Asterisk Digiumphones versions 10.x.x-digiumphones through 10.5.1-digiumphones **Description** The issue allows remote authenticated users to cause a denial of service by establishing multiple voicemail sessions and accessing both the Urgent mailbox and the INBOX mailbox, resulting in a daemon crash. **Recommendations** For Asterisk Open Source versions 1.8.x through 1.8.13.0, update to version 1.8.13.1 or later. For Asterisk Open Source version 10.x through 10.5.1, update to version 10.5.2 or later. For Certified Asterisk versions 1.8.11-certx through 1.8.11-cert3, update to version 1.8.11-cert4 or later. For Asterisk Digiumphones versions 10.x.x-digiumphones through 10.5.1-digiumphones, update to version 10.5.2-digiumphones or later.