CVE-2012-5976Improper Restriction of Operations within the Bounds of a Memory Buffer in Asterisk

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer11 documents5 sources
Severity
5.0MEDIUMNVD
EPSS
29.7%
top 3.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Asterisk Certified AsteriskDigium AsteriskDebian Asterisk+3 more
Timeline
PublishedJan 4
Latest updateMay 17

Description

Multiple stack consumption vulnerabilities in Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones allow remote attackers to cause a denial of service (daemon crash) via TCP data using the (1) SIP, (2) HTTP, or (3) XMPP protocol.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages8 packages

NVDasterisk/digiumphones14 versions+13
NVDasterisk/open_source89 versions+88
Debianasterisk/certified_asterisk< 1:1.8.13.1~dfsg-2
NVDasterisk/certified_asterisk1.8.15, 1.8.15.0+1

🔴Vulnerability Details

4
GHSA
GHSA-32mc-px3q-67r4: main/http2022-05-17
GHSA
GHSA-3g3q-h95m-9mp2: Multiple stack consumption vulnerabilities in Asterisk Open Source 12022-05-17
OSV
CVE-2013-2686: main/http2013-04-01
OSV
CVE-2012-5976: Multiple stack consumption vulnerabilities in Asterisk Open Source 12013-01-04

📋Vendor Advisories

2
Debian
CVE-2013-2686: asterisk - main/http.c in the HTTP server in Asterisk Open Source 1.8.x before 1.8.20.2, 10...2013
Debian
CVE-2012-5976: asterisk - Multiple stack consumption vulnerabilities in Asterisk Open Source 1.8.x before ...2012

💬Community

3
Bugzilla
CVE-2012-5976 CVE-2012-5977 asterisk various flaws [fedora-all]2013-01-03
Bugzilla
CVE-2012-5976 asterisk: Crashes due to large stack allocations when using TCP (AST-2012-014)2013-01-03
Bugzilla
CVE-2012-5976 CVE-2012-5977 asterisk various flaws [epel-6]2013-01-03
CVE-2012-5976 — Debian Asterisk vulnerability | cvebase