Skip to main content

Open Source CVE-2012-0885

MEDIUM
2012-01-25 cve@mitre.org
4.3
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:N/C:N/I:N/A:P
Attack Vector
Network
Attack Complexity
M
Confidentiality
None
Integrity
None
Availability
P

Lifecycle Timeline

1
CVE Published
Jan 25, 2012 - 15:55 cve.org
MEDIUM 4.3

DescriptionCVE.org

chan_sip.c in Asterisk Open Source 1.8.x before 1.8.8.2 and 10.x before 10.0.1, when the res_srtp module is used and media support is improperly configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted SDP message with a crypto attribute and a (1) video or (2) text media type, as demonstrated by CSipSimple.

AnalysisAI

chan_sip.c in Asterisk Open Source 1.8.x before 1.8.8.2 and 10.x before 10.0.1, when the res_srtp module is used and media support is improperly configured, allows remote attackers to cause a denial. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Technical ContextAI

chan_sip.c in Asterisk Open Source 1.8.x before 1.8.8.2 and 10.x before 10.0.1, when the res_srtp module is used and media support is improperly configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted SDP message with a crypto attribute and a (1) video or (2) text media type, as demonstrated by CSipSimple. Affected products include: Asterisk Open Source. Version information: before 1.8.8.2.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2013-2685 HIGH
7.5 Apr 01

Stack-based buffer overflow in res/res_format_attr_h264.c in Asterisk Open Source 11.x before 11.2.2 allows remote attac

CVE-2012-2186 CRITICAL
9.0 Aug 31

Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.

CVE-2012-2415 MEDIUM
6.5 Apr 30

Heap-based buffer overflow in chan_skinny.c in the Skinny channel driver in Asterisk Open Source 1.6.2.x before 1.6.2.24

CVE-2017-9372 HIGH
7.5 Jun 02

PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13

CVE-2017-9359 HIGH
7.5 Jun 02

The multi-part body parser in PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certifi

CVE-2012-2416 MEDIUM
6.5 Apr 30

chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.11.1 and 10.x before 10.3.1 and Asterisk B

CVE-2012-2414 MEDIUM
6.5 Apr 30

main/manager.c in the Manager Interface in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x

CVE-2013-2686 MEDIUM
5.0 Apr 01

main/http.c in the HTTP server in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.

CVE-2013-2264 MEDIUM
5.0 Apr 01

The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certi

CVE-2012-2948 MEDIUM
4.0 Jun 02

chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk

Share

CVE-2012-0885 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy