CVE-2012-2415: Improper Restriction of Operations within the Bounds of a Memory Buffer in Asterisk

Severity: 6.5 MEDIUM (NVD)
EPSS: 10.5% (top 6.71%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Apr 30
Latest update: May 17

Description

Heap-based buffer overflow in chan_skinny.c in the Skinny channel driver in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 allows remote authenticated users to cause a denial of service or possibly have unspecified other impact via a series of KEYPAD_BUTTON_MESSAGE events.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 8.0 | Impact: 6.4

Affected Packages (2 packages)

NVD: asterisk/open_source (75 versions)
debian: debian/asterisk < asterisk 1:1.8.11.1~dfsg-1 (bullseye)

Patches

🔴 Vulnerability Details (2)

GHSA: GHSA-gq8c-3hw4-vx45: Heap-based buffer overflow in chan_skinny (2022-05-17)
OSV: CVE-2012-2415: Heap-based buffer overflow in chan_skinny (2012-04-30)

📋 Vendor Advisories (1)

Debian: CVE-2012-2415: asterisk - Heap-based buffer overflow in chan_skinny.c in the Skinny channel driver in Aste... (2012)

💬 Community (3)

Bugzilla: CVE-2012-2414 CVE-2012-2415 CVE-2012-2416 asterisk various flaws [fedora-all] (2012-04-24)
Bugzilla: CVE-2012-2414 CVE-2012-2415 CVE-2012-2416 asterisk various flaws [epel-6] (2012-04-24)
Bugzilla: CVE-2012-2415 asterisk: Heap buffer overflow in Skinny channel driver (AST-2012-005) (2012-04-24)
CVE-2012-2415 — Debian Asterisk vulnerability | cvebase