CVE-2012-3553 — Asterisk vulnerability

5 documents4 sources

Severity

4.0MEDIUMNVD

EPSS

0.1%

top 78.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Digium Asterisk Debian Asterisk

Timeline

PublishedJun 19

Latest updateMay 17

Description

chan_skinny.c in the Skinny (aka SCCP) channel driver in Asterisk Open Source 10.x before 10.5.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by sending a Station Key Pad Button message and closing a connection in off-hook mode, a related issue to CVE-2012-2948.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 8.0 | Impact: 2.9

Affected Packages2 packages

▶NVDdigium/asterisk14 versions+13

▶debiandebian/asterisk

🔴Vulnerability Details

GHSA

GHSA-9mqv-jvm5-5mv6: chan_skinny↗2022-05-17

▶

📋Vendor Advisories

Debian

CVE-2012-3553: asterisk - chan_skinny.c in the Skinny (aka SCCP) channel driver in Asterisk Open Source 10...↗2012

▶

💬Community

Bugzilla

CVE-2012-3553 asterisk: skinny channel driver remote crash vulnerability↗2012-06-16

▶

Bugzilla

CVE-2012-3553 asterisk: skinny channel driver remote crash vulnerability [fedora-17]↗2012-06-16

▶