PT-2012-4386 · Digium · Asterisk
Christoph Hebeisen
·
Published
2012-06-02
·
Updated
2024-08-15
·
CVE-2012-2948
CVSS v2.0
4.0
Medium
| Vector | AV:N/AC:L/Au:S/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
Asterisk Open Source versions 1.8.x through 1.8.12.0
Asterisk Open Source versions 10.x through 10.4.0
Certified Asterisk versions 1.8.11-cert through 1.8.11-cert1
Description
The issue allows remote authenticated users to cause a denial of service, resulting in a NULL pointer dereference and daemon crash, by closing a connection in off-hook mode. This is due to a problem in the chan skinny.c file within the Skinny channel driver.
Recommendations
For Asterisk Open Source versions 1.8.x through 1.8.12.0, update to version 1.8.12.1 or later.
For Asterisk Open Source versions 10.x through 10.4.0, update to version 10.4.1 or later.
For Certified Asterisk versions 1.8.11-cert through 1.8.11-cert1, update to version 1.8.11-cert2 or later.
Fix
DoS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Asterisk