CVE-2012-5977 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Asterisk

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer7 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

1.1%

top 21.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Digium Asterisk Debian Asterisk Digium Certified Asterisk

Timeline

PublishedJan 4

Latest updateMay 17

Description

Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones, when anonymous calls are enabled, allow remote attackers to cause a denial of service (resource consumption) by making anonymous calls from multiple sources and consequently adding many entries to the device state cache.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages4 packages

▶NVDdigium/certified_asterisk1.8.11

▶debiandebian/asterisk< asterisk 1:1.8.13.1~dfsg-2 (bullseye)

▶Debiandigium/asterisk< 1:1.8.13.1~dfsg-2

▶NVDdigium/asterisk1.8.19.0+77

🔴Vulnerability Details

GHSA

GHSA-43h5-hjxq-m9rj: Asterisk Open Source 1↗2022-05-17

▶

OSV

CVE-2012-5977: Asterisk Open Source 1↗2013-01-04

▶

📋Vendor Advisories

Debian

CVE-2012-5977: asterisk - Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before...↗2012

▶

💬Community

Bugzilla

CVE-2012-5977 asterisk: Denial of service through exploitation of device state caching (AST-2012-015)↗2013-01-03

▶

Bugzilla

CVE-2012-5976 CVE-2012-5977 asterisk various flaws [fedora-all]↗2013-01-03

▶

Bugzilla

CVE-2012-5976 CVE-2012-5977 asterisk various flaws [epel-6]↗2013-01-03

▶