CVE-2012-2948 — Asterisk vulnerability

CWE-39910 documents5 sources

Severity

4.0MEDIUMNVD

EPSS

3.9%

top 11.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sangoma Asterisk Debian Asterisk Asterisk Certified Asterisk +2 more

Timeline

PublishedJun 2

Latest updateMay 17

Description

chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by closing a connection in off-hook mode.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 8.0 | Impact: 2.9

Affected Packages6 packages

▶NVDasterisk/open_source20 versions+19

▶NVDasterisk/certified_asterisk1.8.11

▶debiandebian/asterisk< asterisk 1:1.8.13.0~dfsg-1 (bullseye)+1

▶Debiansangoma/asterisk< 1:1.8.13.0~dfsg-1

▶NVDsangoma/asterisk1.8.12.0+1

🔴Vulnerability Details

GHSA

GHSA-9mqv-jvm5-5mv6: chan_skinny↗2022-05-17

▶

GHSA

GHSA-chr5-w9ff-5gcw: chan_skinny↗2022-05-17

▶

OSV

CVE-2012-2948: chan_skinny↗2012-06-02

▶

📋Vendor Advisories

Debian

CVE-2012-3553: asterisk - chan_skinny.c in the Skinny (aka SCCP) channel driver in Asterisk Open Source 10...↗2012

▶

Debian

CVE-2012-2948: asterisk - chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Asterisk 1.8....↗2012

▶

💬Community

Bugzilla

CVE-2012-2948 asterisk: Remote crash in Skinny channel driver (AST-2012-008)↗2012-05-30

▶

Bugzilla

CVE-2012-2947 CVE-2012-2948 asterisk various flaws [fedora-all]↗2012-05-30

▶

Bugzilla

CVE-2012-2947 CVE-2012-2948 asterisk various flaws [epel-6]↗2012-05-30

▶