cbcvebase.
CVE-2012-1183
published 2012-09-18

CVE-2012-1183: Stack-based buffer overflow in the milliwatt_generate function in the Miliwatt application in Asterisk 1.4.x before 1.4.44, 1.6.x before 1.6.2.23, 1.8.x before…

PriorityP423medium4.3CVSS 2.0
AVNACMAuNCNINAP
EPSS
3.73%
88.4th percentile
Stack-based buffer overflow in the milliwatt_generate function in the Miliwatt application in Asterisk 1.4.x before 1.4.44, 1.6.x before 1.6.2.23, 1.8.x before 1.8.10.1, and 10.x before 10.2.1, when the o option is used and the internal_timing option is off, allows remote attackers to cause a denial of service (application crash) via a large number of samples in an audio packet.

Affected

7 ranges
VendorProductVersion rangeFixed in
debianasterisk< asterisk 1:1.8.10.0~dfsg-1 (bullseye)asterisk 1:1.8.10.0~dfsg-1 (bullseye)
debiandebian_linux
digiumasterisk>= 0 < 1:1.8.10.0~dfsg-11:1.8.10.0~dfsg-1
digiumasterisk>= 1.4.0 < 1.4.441.4.44
digiumasterisk>= 1.6.0 < 1.6.2.231.6.2.23
digiumasterisk>= 1.8.0 < 1.8.10.11.8.10.1
digiumasterisk>= 10.0.0 < 10.2.110.2.1

CVSS provenance

nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:N/A:P
osv4.3MEDIUM
vendor_redhat10.0CRITICAL
vendor_debian4.3MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.