CVE-2012-1183Improper Restriction of Operations within the Bounds of a Memory Buffer in Asterisk

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents6 sources
Severity
4.3MEDIUMNVD
EPSS
0.2%
top 55.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Digium AsteriskDebian AsteriskDebian Linux
Timeline
PublishedSep 18
Latest updateMay 13

Description

Stack-based buffer overflow in the milliwatt_generate function in the Miliwatt application in Asterisk 1.4.x before 1.4.44, 1.6.x before 1.6.2.23, 1.8.x before 1.8.10.1, and 10.x before 10.2.1, when the o option is used and the internal_timing option is off, allows remote attackers to cause a denial of service (application crash) via a large number of samples in an audio packet.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

NVDdigium/asterisk1.4.01.4.44+3
debiandebian/asterisk< asterisk 1:1.8.10.0~dfsg-1 (bullseye)
Debiandigium/asterisk< 1:1.8.10.0~dfsg-1

Also affects: Debian Linux 6.0

Patches

Patch: downloads.asterisk.orgPatch: www.openwall.comPatch: www.openwall.com

🔴Vulnerability Details

2
GHSA
GHSA-2w3g-954c-vrfq: Stack-based buffer overflow in the milliwatt_generate function in the Miliwatt application in Asterisk 12022-05-13
OSV
CVE-2012-1183: Stack-based buffer overflow in the milliwatt_generate function in the Miliwatt application in Asterisk 12012-09-18

📋Vendor Advisories

2
Red Hat
mesa: Arbitrary code execution via unspecified vectors related to 'array overflow'2012-08-21
Debian
CVE-2012-1183: asterisk - Stack-based buffer overflow in the milliwatt_generate function in the Miliwatt a...2012

💬Community

3
Bugzilla
CVE-2012-2864 mesa: Arbitrary code execution via unspecified vectors related to 'array overflow'2012-08-22
Bugzilla
CVE-2012-1183 CVE-2012-1184 asterisk various flaws [fedora-all]2012-03-16
Bugzilla
CVE-2012-1183 asterisk: Stack-based buffer overwrite by processing large audio packet in Miliwatt application (AST-2012-002)2012-03-16