PT-2012-3112 · Digium · Asterisk
Jan Lieskovsky
·
Published
2012-09-18
·
Updated
2020-08-25
·
CVE-2012-1183
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
Asterisk versions 1.4.x through 1.4.43
Asterisk versions 1.6.x through 1.6.2.22
Asterisk versions 1.8.x through 1.8.10.0
Asterisk versions 10.x through 10.2.0
Description
The issue is related to a stack-based buffer overflow in the
milliwatt generate function of the Miliwatt application. This occurs when the 'o' option is used and the internal timing option is off, allowing remote attackers to cause a denial of service (application crash) via a large number of samples in an audio packet.Recommendations
For Asterisk versions 1.4.x through 1.4.43, update to version 1.4.44 or later.
For Asterisk versions 1.6.x through 1.6.2.22, update to version 1.6.2.23 or later.
For Asterisk versions 1.8.x through 1.8.10.0, update to version 1.8.10.1 or later.
For Asterisk versions 10.x through 10.2.0, update to version 10.2.1 or later.
Fix
DoS
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Asterisk