Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-1184: Improper Restriction of Operations within the Bounds of a Memory Buffer in Asterisk

Severity
NVD: 7.5 HIGH
GHSA: 5.0
EPSS
41.7% (top 2.57%)
CISA KEV
Not in KEV
Exploit
PoC available (public exploit / PoC exists)
Timeline
Published: Sep 18
Latest update: May 17

Description

Stack-based buffer overflow in the ast_parse_digest function in main/utils.c in Asterisk 1.8.x before 1.8.10.1 and 10.x before 10.2.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in an HTTP Digest Authentication header.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P (Exploitability: 10.0 | Impact: 6.4)

Affected Packages (3 packages)

debian: debian/asterisk < asterisk 1:1.8.10.0~dfsg-1 (bullseye)
Debian: digium/asterisk < 1:1.8.10.0~dfsg-1
NVD: digium/asterisk (37 versions)

🔴 Vulnerability Details (3)

GHSA: GHSA-rh24-rxj5-hccw: Stack-based buffer overflow in the ast_parse_digest function in main/utils (2022-05-17)
GHSA: Improper Access Control in Apache Tomcat (2022-05-17)
OSV: CVE-2012-1184: Stack-based buffer overflow in the ast_parse_digest function in main/utils (2012-09-18)

💥 Exploits & PoCs (2)

Exploit-DB: Xen - Broken Check in 'memory_exchange()' Permits PV Guest Breakout (2017-04-11)
Exploit-DB: Asterisk - 'ast_parse_digest()' Stack Buffer Overflow (PoC) (2012-03-15)

📋 Vendor Advisories (2)

Red Hat: tomcat: three DIGEST authentication implementation issues (2012-11-05)
Debian: CVE-2012-1184: asterisk - Stack-based buffer overflow in the ast_parse_digest function in main/utils.c in ... (2012)

💬 Community (2)

Bugzilla: CVE-2012-1183 CVE-2012-1184 asterisk various flaws [fedora-all] (2012-03-16)
Bugzilla: CVE-2012-1184 asterisk: Stack-based buffer overflow by processing certain HTTP Digest Authentication headers (AST-2012-003) (2012-03-16)