CVE-2012-0885 — Asterisk vulnerability

7 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

1.1%

top 22.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Asterisk Asterisk Open Source

Timeline

PublishedJan 25

Latest updateMay 17

Description

chan_sip.c in Asterisk Open Source 1.8.x before 1.8.8.2 and 10.x before 10.0.1, when the res_srtp module is used and media support is improperly configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted SDP message with a crypto attribute and a (1) video or (2) text media type, as demonstrated by CSipSimple.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶NVDasterisk/open_source27 versions+26

▶debiandebian/asterisk< asterisk 1:1.8.8.2~dfsg-1 (bullseye)

Patches

Patch: downloads.asterisk.org ↗Patch: downloads.asterisk.org ↗Patch: downloads.asterisk.org ↗

🔴Vulnerability Details

GHSA

GHSA-5p63-p7g2-xmmx: chan_sip↗2022-05-17

▶

OSV

CVE-2012-0885: chan_sip↗2012-01-25

▶

📋Vendor Advisories

Debian

CVE-2012-0885: asterisk - chan_sip.c in Asterisk Open Source 1.8.x before 1.8.8.2 and 10.x before 10.0.1, ...↗2012

▶

💬Community

Bugzilla

CVE-2012-0885 asterisk: Remote DoS while processing crypto line for media stream with non-existing RTP [fedora-all]↗2012-01-20

▶

Bugzilla

CVE-2012-0885 asterisk: Remote DoS while processing crypto line for media stream with non-existing RTP↗2012-01-20

▶

Bugzilla

CVE-2012-0885 asterisk: Remote DoS while processing crypto line for media stream with non-existing RTP [epel-6]↗2012-01-20

▶