CVE-2012-3812

Name of the Vulnerable Software and Affected Versions Asterisk Open Source versions 1.8.x through 1.8.13.0 Asterisk Open Source version 10.x through 10.5.1 Certified Asterisk versions 1.8.11-certx through 1.8.11-cert3 Asterisk Digiumphones versions 10.x.x-digiumphones through 10.5.1-digiumphones

Description The issue allows remote authenticated users to cause a denial of service by establishing multiple voicemail sessions and accessing both the Urgent mailbox and the INBOX mailbox, resulting in a daemon crash.

Recommendations For Asterisk Open Source versions 1.8.x through 1.8.13.0, update to version 1.8.13.1 or later. For Asterisk Open Source version 10.x through 10.5.1, update to version 10.5.2 or later. For Certified Asterisk versions 1.8.11-certx through 1.8.11-cert3, update to version 1.8.11-cert4 or later. For Asterisk Digiumphones versions 10.x.x-digiumphones through 10.5.1-digiumphones, update to version 10.5.2-digiumphones or later.