CVE-2012-3812 — Double Free in Asterisk

CWE-3998 documents5 sources

Severity

4.0MEDIUMNVD

EPSS

7.2%

top 8.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Digium Asterisk Debian Asterisk Digium Asteriske +1 more

Timeline

PublishedJul 9

Latest updateMay 17

Description

Double free vulnerability in apps/app_voicemail.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones allows remote authenticated users to cause a denial of service (daemon crash) by establishing multiple voicemail sessions and accessing both the Urgent mailbox and the INBOX mailbox.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 8.0 | Impact: 2.9

Affected Packages5 packages

▶NVDdigium/certified_asterisk1.8.11

▶debiandebian/asterisk< asterisk 1:1.8.13.1~dfsg-1 (bullseye)

▶Debiandigium/asterisk< 1:1.8.13.1~dfsg-1

▶NVDdigium/asterisk47 versions+46

▶NVDdigium/asteriske1.8.8.0, 1.8.9.1+1

🔴Vulnerability Details

GHSA

GHSA-r2j8-5ch8-9m3x: Double free vulnerability in apps/app_voicemail↗2022-05-17

▶

OSV

CVE-2012-3812: Double free vulnerability in apps/app_voicemail↗2012-07-09

▶

📋Vendor Advisories

Debian

CVE-2012-3812: asterisk - Double free vulnerability in apps/app_voicemail.c in Asterisk Open Source 1.8.x ...↗2012

▶

💬Community

Bugzilla

CVE-2012-3812 asterisk: Remote crash vulnerability in voice mail application↗2012-07-06

▶

Bugzilla

CVE-2012-3863 CVE-2012-3812 asterisk various flaws [fedora-16]↗2012-07-06

▶

Bugzilla

CVE-2012-3863 CVE-2012-3812 asterisk various flaws [fedora-17]↗2012-07-06

▶

Bugzilla

CVE-2012-3863 CVE-2012-3812 asterisk various flaws [epel-6]↗2012-07-06

▶