cve-2012-2948

Vulnerability from cvelistv5

Published

2012-06-02 15:00

Modified

2024-08-06 19:50

Severity ?

Summary

References

▼	URL	Tags
	cve@mitre.org	http://archives.neohapsis.com/archives/bugtraq/2012-05/0145.html
	cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2012-008.html
	cve@mitre.org	http://secunia.com/advisories/49303
	cve@mitre.org	http://www.debian.org/security/2012/dsa-2493
	cve@mitre.org	http://www.securityfocus.com/bid/53723
	cve@mitre.org	http://www.securitytracker.com/id?1027103
	cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/75937
	af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/bugtraq/2012-05/0145.html
	af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2012-008.html
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/49303
	af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2012/dsa-2493
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/53723
	af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1027103
	af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/75937

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T19:50:05.178Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "asterisk-scd-dos(75937)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/75937",
               },
               {
                  name: "1027103",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1027103",
               },
               {
                  name: "DSA-2493",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2012/dsa-2493",
               },
               {
                  name: "53723",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/53723",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://downloads.asterisk.org/pub/security/AST-2012-008.html",
               },
               {
                  name: "49303",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/49303",
               },
               {
                  name: "20120529 AST-2012-008: Skinny Channel Driver Remote Crash Vulnerability",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://archives.neohapsis.com/archives/bugtraq/2012-05/0145.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2012-05-29T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by closing a connection in off-hook mode.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-28T12:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "asterisk-scd-dos(75937)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/75937",
            },
            {
               name: "1027103",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1027103",
            },
            {
               name: "DSA-2493",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2012/dsa-2493",
            },
            {
               name: "53723",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/53723",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://downloads.asterisk.org/pub/security/AST-2012-008.html",
            },
            {
               name: "49303",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/49303",
            },
            {
               name: "20120529 AST-2012-008: Skinny Channel Driver Remote Crash Vulnerability",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://archives.neohapsis.com/archives/bugtraq/2012-05/0145.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2012-2948",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by closing a connection in off-hook mode.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "asterisk-scd-dos(75937)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/75937",
                  },
                  {
                     name: "1027103",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id?1027103",
                  },
                  {
                     name: "DSA-2493",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2012/dsa-2493",
                  },
                  {
                     name: "53723",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/53723",
                  },
                  {
                     name: "http://downloads.asterisk.org/pub/security/AST-2012-008.html",
                     refsource: "CONFIRM",
                     url: "http://downloads.asterisk.org/pub/security/AST-2012-008.html",
                  },
                  {
                     name: "49303",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/49303",
                  },
                  {
                     name: "20120529 AST-2012-008: Skinny Channel Driver Remote Crash Vulnerability",
                     refsource: "BUGTRAQ",
                     url: "http://archives.neohapsis.com/archives/bugtraq/2012-05/0145.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2012-2948",
      datePublished: "2012-06-02T15:00:00",
      dateReserved: "2012-05-29T00:00:00",
      dateUpdated: "2024-08-06T19:50:05.178Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      nvd: "{\"cve\":{\"id\":\"CVE-2012-2948\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2012-06-02T15:55:01.027\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by closing a connection in off-hook mode.\"},{\"lang\":\"es\",\"value\":\"chan_skinny.c en el controlador de canal de Skinny (alias SCCP) en Certified Asterisk 1.8.11-cert antes de v1.8.11-cert2 y Asterisk Open Source v1.8.x antes de v1.8.12.1 y v10.x antes de v10.4.1, permite a usuarios autenticados remotamente provocar una denegación de servicio (eliminar la referencia del puntero NULL y caída demonio) por el cierre de una conexión en el modo de descuelgue.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:N/I:N/A:P\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-399\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:certified_asterisk:1.8.11:cert:*:*:*:*:*:*\",\"matchCriteriaId\":\"4889B1B5-5160-476E-A1C0-BEAE63C85CEA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:certified_asterisk:1.8.11:cert1:*:*:*:*:*:*\",\"matchCriteriaId\":\"62867AEF-D685-4B1F-8AB9-D1CCAC559821\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ACE48FBD-2560-4477-ABD2-C90729523BC1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.0:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"97F03C40-6B70-41D1-96CF-DD5F2924D0C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.0:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8F0B6E3-37B8-4780-BB17-D471A7AB7E58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.0:beta3:*:*:*:*:*:*\",\"matchCriteriaId\":\"445941A9-EE2C-45C0-BCEB-9EC7F9F9439D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.0:beta4:*:*:*:*:*:*\",\"matchCriteriaId\":\"7C60A84B-E0BC-491B-B6E6-76E658BB91EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.0:beta5:*:*:*:*:*:*\",\"matchCriteriaId\":\"035B04BC-C132-4CF6-9FE4-561A4104F392\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"E21DF0C9-16E4-44B0-8749-85F7F245A87A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE6A2723-FAE7-4A87-A2A3-E94D9CC2DCB5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"37612FE6-C8B7-4925-81F5-ADB82A8F101E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.0:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"92181940-ED5C-442C-82BA-4F0F233FB11B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.0:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"28EEF1DB-00C6-4DFC-BB48-C4A308F60DAD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"67CE3E94-341F-4D0C-937E-39B119925C9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.1:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C721635-2801-40E8-B5FE-734054D718D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"15ED9311-9E4E-4998-BD99-CDEB8E4F2C74\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.2:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"815F7045-FC6D-4D57-A7AE-F63B0FC67251\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.3:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"09918CFC-C6A0-45ED-91EA-A4D9295C6CBA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.5:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7D38CAA-BECD-4FD7-8E42-72CB2B1DC699\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F211C14-8E50-4FB7-82EA-FE6975290DE1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0698EDFB-D156-4572-9008-0243FA6FD2FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.6.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"16350161-9CF1-4AD3-954C-598D249CF962\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.6.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"24EB6F7B-AD3C-42A2-B811-3CF3EEDD8438\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.6.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"7AC55C54-7AD7-49BE-A050-DC6878391208\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B208EBB-0387-4223-A196-CE142E6B908B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.7.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"095BF874-0E0B-4F8F-8A11-ED096DD3A824\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.7.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"4067E71D-93A8-4B56-AE4A-FCB6E31577E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"779DEAC5-CBC7-4844-9A2E-97AEB49704EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.8.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"913D2C84-B987-4DEE-8F9E-0FDF14BECE2E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.8.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"63889FD0-714B-4E02-8F34-00E4857A544A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.8.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"A15B538D-DC9D-46B4-A455-341E8A2831E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.8.0:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"8FE32479-5D98-443F-8FA9-F6281726BDF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.8.0:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"78841A3E-7D56-4737-9815-E1144FD0A44A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC295454-D897-425C-BFC8-91A72865A132\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.9.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"3830A3E2-09A1-487E-8EFA-27F8B4C61CB4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.9.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"CAC942FB-83A2-4698-B410-F4C6AED0849A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.9.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"86ED40AD-0A52-4B4C-B4CA-F8D1A4CAF866\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07FC62DE-74D3-42A9-94E8-6DCE62F3D2B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.10.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"39E78E52-2AA4-42A5-9CE6-22DF2CF01704\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.10.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"3DF04D4C-DFED-4E71-BA0C-854823BB41CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.10.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"518A8882-B1A6-408E-9B39-F01034A50190\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.10.0:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"2EBBB850-2AE6-4EC1-993F-AD7AF2E80008\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E1075D5D-5F81-4E26-90B0-60659B8D36B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.11.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"6880B042-11B1-430F-90A1-70F93FC5BAF2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.11.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F074B06-6788-47AB-8C39-BA5E2E39ACC4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1ACB7C4A-7CF7-4D57-B65D-741AFA6393EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.12.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"85522E25-E76C-4CCF-AB7C-A74E1703D919\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.12.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC3BE912-0B42-416B-A0E2-B17FDF07BAAB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:1.8.12.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"4FC9C2FB-A77B-4242-B4A1-92112E1C19B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.8.12.0\",\"matchCriteriaId\":\"FB8D9B19-BD1E-4E1C-A1C3-6C64A6612233\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:10.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33DD2B8E-6AB1-45CD-85F5-E0F5234585BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:10.0.0:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"52BDDAC0-5CEE-4054-8930-EAF25FE528FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:10.0.0:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"1CEB28DD-EAEA-45AF-8D7B-09E93AFABA49\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:10.0.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"12BCF63F-DA77-48A1-861D-F6E710E3CA16\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:10.0.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD0D03FF-3FF6-40D0-A78E-CBDEA4FE4F14\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:10.0.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"66666CD2-8921-4641-AD72-21F4386DC731\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:10.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C549DD5-68F9-44FC-92B9-09A0E6F87315\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:10.1.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"51407A8B-AF19-43FA-8D57-A6A35D465D1E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:10.1.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"911CCAF6-6E29-43B6-AF76-909016CD46ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:10.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B46E218-9EFA-4224-BC5D-1A2F38559E38\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:10.2.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F1F43E8-6159-46FA-8BF5-360EA9D466BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:10.2.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"F75E0A69-9251-4CE1-9E83-188F0D35DEFC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:10.2.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"17E6BD3C-B88D-4C80-B77F-2A95767B9A71\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:10.2.0:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"3AC1C9EC-A84F-401B-BF59-F4938B6A2F59\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:10.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FCB76519-FD6D-4D74-8DF7-719822588C12\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:10.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6AB0DE5-0843-4A7A-A1C9-2FD7924FBEDC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:10.3.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"335F9C06-5E40-4E14-B018-15151E14414D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:10.3.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E8F15FB-C6B5-4A4F-A7AD-E2BF0162D1DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:10.4.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9DEA8945-9ACD-4CE7-A5E6-5207E16C663E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:10.4.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2A7FC21-74FF-48BF-9BA8-A143FCB2BF3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:asterisk:open_source:10.4.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4FCD6B4-ED33-424F-AD30-64227894B0B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10.4.0\",\"matchCriteriaId\":\"8E7D4883-79E3-4DD1-A555-136A0664E94E\"}]}]}],\"references\":[{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2012-05/0145.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://downloads.asterisk.org/pub/security/AST-2012-008.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/49303\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.debian.org/security/2012/dsa-2493\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/53723\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1027103\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/75937\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2012-05/0145.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://downloads.asterisk.org/pub/security/AST-2012-008.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/49303\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2012/dsa-2493\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/53723\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1027103\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/75937\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
   },
}

gsd-2012-2948

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

Aliases

CVE-2012-2948

Aliases

CVE-2012-2948

JSON

To clipboard

{
   GSD: {
      alias: "CVE-2012-2948",
      description: "chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by closing a connection in off-hook mode.",
      id: "GSD-2012-2948",
      references: [
         "https://www.debian.org/security/2012/dsa-2493",
      ],
   },
   gsd: {
      metadata: {
         exploitCode: "unknown",
         remediation: "unknown",
         reportConfidence: "confirmed",
         type: "vulnerability",
      },
      osvSchema: {
         aliases: [
            "CVE-2012-2948",
         ],
         details: "chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by closing a connection in off-hook mode.",
         id: "GSD-2012-2948",
         modified: "2023-12-13T01:20:16.428190Z",
         schema_version: "1.4.0",
      },
   },
   namespaces: {
      "cve.org": {
         CVE_data_meta: {
            ASSIGNER: "cve@mitre.org",
            ID: "CVE-2012-2948",
            STATE: "PUBLIC",
         },
         affects: {
            vendor: {
               vendor_data: [
                  {
                     product: {
                        product_data: [
                           {
                              product_name: "n/a",
                              version: {
                                 version_data: [
                                    {
                                       version_value: "n/a",
                                    },
                                 ],
                              },
                           },
                        ],
                     },
                     vendor_name: "n/a",
                  },
               ],
            },
         },
         data_format: "MITRE",
         data_type: "CVE",
         data_version: "4.0",
         description: {
            description_data: [
               {
                  lang: "eng",
                  value: "chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by closing a connection in off-hook mode.",
               },
            ],
         },
         problemtype: {
            problemtype_data: [
               {
                  description: [
                     {
                        lang: "eng",
                        value: "n/a",
                     },
                  ],
               },
            ],
         },
         references: {
            reference_data: [
               {
                  name: "asterisk-scd-dos(75937)",
                  refsource: "XF",
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/75937",
               },
               {
                  name: "1027103",
                  refsource: "SECTRACK",
                  url: "http://www.securitytracker.com/id?1027103",
               },
               {
                  name: "DSA-2493",
                  refsource: "DEBIAN",
                  url: "http://www.debian.org/security/2012/dsa-2493",
               },
               {
                  name: "53723",
                  refsource: "BID",
                  url: "http://www.securityfocus.com/bid/53723",
               },
               {
                  name: "http://downloads.asterisk.org/pub/security/AST-2012-008.html",
                  refsource: "CONFIRM",
                  url: "http://downloads.asterisk.org/pub/security/AST-2012-008.html",
               },
               {
                  name: "49303",
                  refsource: "SECUNIA",
                  url: "http://secunia.com/advisories/49303",
               },
               {
                  name: "20120529 AST-2012-008: Skinny Channel Driver Remote Crash Vulnerability",
                  refsource: "BUGTRAQ",
                  url: "http://archives.neohapsis.com/archives/bugtraq/2012-05/0145.html",
               },
            ],
         },
      },
      "nvd.nist.gov": {
         configurations: {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:asterisk:certified_asterisk:1.8.11:cert:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:asterisk:certified_asterisk:1.8.11:cert1:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:asterisk:open_source:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "1.8.12.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:asterisk:open_source:1.8.12.0:rc3:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:asterisk:open_source:1.8.10.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc4:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:asterisk:open_source:1.8.9.0:rc1:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:asterisk:open_source:1.8.8.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:asterisk:open_source:1.8.7.0:rc2:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:asterisk:open_source:1.8.7.0:rc1:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:asterisk:open_source:1.8.6.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:asterisk:open_source:1.8.2:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:asterisk:open_source:1.8.2:rc1:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:asterisk:open_source:1.8.0:rc2:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:asterisk:open_source:1.8.0:rc1:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:asterisk:open_source:1.8.11.0:rc3:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:asterisk:open_source:1.8.11.0:rc2:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:asterisk:open_source:1.8.9.0:rc3:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:asterisk:open_source:1.8.9.0:rc2:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc1:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:asterisk:open_source:1.8.7.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:asterisk:open_source:1.8.5:rc1:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:asterisk:open_source:1.8.3:rc1:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:asterisk:open_source:1.8.0:rc4:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:asterisk:open_source:1.8.0:rc3:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:asterisk:open_source:1.8.0:beta1:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:asterisk:open_source:1.8.12.0:rc2:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:asterisk:open_source:1.8.12.0:rc1:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc3:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc2:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc5:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc4:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:asterisk:open_source:1.8.6.0:rc3:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:asterisk:open_source:1.8.6.0:rc2:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:asterisk:open_source:1.8.1:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:asterisk:open_source:1.8.1:rc1:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:asterisk:open_source:1.8.0:beta5:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:asterisk:open_source:1.8.0:beta4:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:asterisk:open_source:1.8.12:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:asterisk:open_source:1.8.11.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc1:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:asterisk:open_source:1.8.9.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc3:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc2:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:asterisk:open_source:1.8.6.0:rc1:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:asterisk:open_source:1.8.5.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:asterisk:open_source:1.8.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:asterisk:open_source:1.8.0:rc5:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:asterisk:open_source:1.8.0:beta3:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:asterisk:open_source:1.8.0:beta2:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:asterisk:open_source:10.4.0:rc3:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:asterisk:open_source:10.4.0:rc2:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:asterisk:open_source:10.2.0:rc4:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:asterisk:open_source:10.2.0:rc3:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:asterisk:open_source:10.0.0:rc3:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:asterisk:open_source:10.0.0:rc2:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:asterisk:open_source:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "10.4.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:asterisk:open_source:10.3.0:rc3:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:asterisk:open_source:10.3.0:rc2:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:asterisk:open_source:10.1.0:rc1:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:asterisk:open_source:10.0.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:asterisk:open_source:10.4.0:rc1:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:asterisk:open_source:10.3:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:asterisk:open_source:10.2.0:rc2:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:asterisk:open_source:10.2.0:rc1:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:asterisk:open_source:10.0.0:rc1:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:asterisk:open_source:10.0.0:beta2:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:asterisk:open_source:10.2.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:asterisk:open_source:10.3.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:asterisk:open_source:10.1.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:asterisk:open_source:10.1.0:rc2:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:asterisk:open_source:10.0.0:beta1:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
         cve: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2012-2948",
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "en",
                     value: "chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by closing a connection in off-hook mode.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "en",
                           value: "CWE-399",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://downloads.asterisk.org/pub/security/AST-2012-008.html",
                     refsource: "CONFIRM",
                     tags: [],
                     url: "http://downloads.asterisk.org/pub/security/AST-2012-008.html",
                  },
                  {
                     name: "DSA-2493",
                     refsource: "DEBIAN",
                     tags: [],
                     url: "http://www.debian.org/security/2012/dsa-2493",
                  },
                  {
                     name: "1027103",
                     refsource: "SECTRACK",
                     tags: [],
                     url: "http://www.securitytracker.com/id?1027103",
                  },
                  {
                     name: "53723",
                     refsource: "BID",
                     tags: [],
                     url: "http://www.securityfocus.com/bid/53723",
                  },
                  {
                     name: "49303",
                     refsource: "SECUNIA",
                     tags: [],
                     url: "http://secunia.com/advisories/49303",
                  },
                  {
                     name: "20120529 AST-2012-008: Skinny Channel Driver Remote Crash Vulnerability",
                     refsource: "BUGTRAQ",
                     tags: [],
                     url: "http://archives.neohapsis.com/archives/bugtraq/2012-05/0145.html",
                  },
                  {
                     name: "asterisk-scd-dos(75937)",
                     refsource: "XF",
                     tags: [],
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/75937",
                  },
               ],
            },
         },
         impact: {
            baseMetricV2: {
               cvssV2: {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "SINGLE",
                  availabilityImpact: "PARTIAL",
                  baseScore: 4,
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P",
                  version: "2.0",
               },
               exploitabilityScore: 8,
               impactScore: 2.9,
               obtainAllPrivilege: false,
               obtainOtherPrivilege: false,
               obtainUserPrivilege: false,
               severity: "MEDIUM",
               userInteractionRequired: false,
            },
         },
         lastModifiedDate: "2017-08-29T01:31Z",
         publishedDate: "2012-06-02T15:55Z",
      },
   },
}

chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by closing a connection in off-hook mode. Asterisk is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to trigger a NULL-pointer dereference and cause a system crash, denying service to legitimate users. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201206-05

                                        http://security.gentoo.org/

Severity: Normal Title: Asterisk: Multiple vulnerabilities Date: June 21, 2012 Bugs: #413353, #418189, #418191 ID: 201206-05

Synopsis

Multiple vulnerabilities in Asterisk might allow remote attackers to execute arbitrary code.

Background

Asterisk is an open source telephony engine and toolkit.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 net-misc/asterisk < 1.8.12.1 >= 1.8.12.1

Description

Multiple vulnerabilities have been found in Asterisk:

An error in manager.c allows shell access through the MixMonitor application, GetVar, or Status (CVE-2012-2414).
An error in chan_skinny.c could cause a heap-based buffer overflow (CVE-2012-2415).
An error in chan_sip.c prevents Asterisk from checking if a channel exists before connected line updates (CVE-2012-2416).
An error in chan_iax2.c may cause an invalid pointer to be called (CVE-2012-2947).
chan_skinny.c contains a NULL pointer dereference (CVE-2012-2948).

Impact

A remote attacker could execute arbitrary code with the privileges of the process or cause a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All Asterisk users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/asterisk-1.8.12.1"

References

[ 1 ] CVE-2012-2414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2414 [ 2 ] CVE-2012-2415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2415 [ 3 ] CVE-2012-2416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2416 [ 4 ] CVE-2012-2947 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2947 [ 5 ] CVE-2012-2948 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2948

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201206-05.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5 . When an SCCP client
closes its connection to the server, a pointer in a
structure is set to Null. If the client was not in the
on-hook state at the time the connection was closed, this
pointer is later dereferenced. "Off hook") to crash
the server. Successful exploitation of this vulnerability
would result in termination of the server, causing denial
of service to legitimate users."

Resolution  The pointer to the device in the structure is now checked     
            before it is dereferenced in the channel event callbacks and  
            message handling functions.

                           Affected Versions
            Product              Release Series  
     Asterisk Open Source            1.8.x       All Versions             
     Asterisk Open Source             10.x       All Versions             
      Certified Asterisk          1.8.11-cert    1.8.11-cert1

                              Corrected In
               Product                              Release               
        Asterisk Open Source                   1.8.12.1, 10.4.1           
         Certified Asterisk                      1.8.11-cert2

                                   Patches                           
                            SVN URL                                    Revision

http://downloads.asterisk.org/pub/security/AST-2012-008-1.8.diff v1.8
http://downloads.asterisk.org/pub/security/AST-2012-008-10.diff v10
http://downloads.asterisk.org/pub/security/AST-2012-008-1.8.11-cert.diff v1.8.11-cert

   Links     https://issues.asterisk.org/jira/browse/ASTERISK-19905

Asterisk Project Security Advisories are posted at                        
http://www.asterisk.org/security

This document may be superseded by later versions; if so, the latest      
version will be posted at                                                 
http://downloads.digium.com/pub/security/AST-2012-008.pdf and             
http://downloads.digium.com/pub/security/AST-2012-008.html

                            Revision History
      Date                  Editor                 Revisions Made         
05/25/2012         Matt Jordan               Initial Release

           Asterisk Project Security Advisory - AST-2012-008
          Copyright (c) 2012 Digium, Inc. All Rights Reserved.

Permission is hereby granted to distribute and publish this advisory in its original, unaltered form.

Full-Disclosure - We believe in it.

In addition, it was discovered that Asterisk does not set the alwaysauthreject option by default in the SIP channel driver. This allows remote attackers to observe a difference in response behavior and check for the presence of account names. (CVE-2011-2666) System administrators concerned by this user enumerating vulnerability should enable the alwaysauthreject option in the configuration. We do not plan to change the default setting in the stable version (Asterisk 1.6) in order to preserve backwards compatibility.

For the testing distribution (wheezy) and the unstable distribution (sid), this problem has been fixed in version 1:1.8.13.0~dfsg-1.

We recommend that you upgrade your asterisk packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJP15u9AAoJEL97/wQC1SS+Pu0H/0ZPFRSNpL+hJKd7b5FGF6al BZSp51eAC0d2mEFWMml4DAvx6u1gMPzrO9PPNgsEc6gxNyD4Stj+rF54h6X5i5NR ZSlyeQTQ292J18+LdANYWwxQJyzNNthNmYL/2AiR6z2BRnD3ZqHiPbWGv0FV4Vyw rT8fZ7ujp7CQlFGwcqjPxUzBqEq5U2raN2K9BoP6zpu8mHf9WzcmL4KZR/wJxMkf 04McrMttF++gM3atFSSXCWC5Bpj8q0xpr3YIv0dI8+fWPFpevNX2MBM+diS06iNc PUWfCPTy2Psl46dC3J+JeF8TPWE/HCmV98DD54DEv0R1tPUmNm362dtfiutiBbQ= =Wy1e -----END PGP SIGNATURE-----

Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . ----------------------------------------------------------------------

Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch

TITLE: Asterisk Two Denial of Service Vulnerabilities

SECUNIA ADVISORY ID: SA49303

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/49303/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=49303

RELEASE DATE: 2012-05-30

DISCUSS ADVISORY: http://secunia.com/advisories/49303/#comments

AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

http://secunia.com/advisories/49303/

ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

https://ca.secunia.com/?page=viewadvisory&vuln_id=49303

ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

DESCRIPTION: Two vulnerabilities have been reported in Asterisk, which can be exploited by malicious people to cause a DoS (Denial of Service).

1) An error in IAX2 channel driver within the "handle_request_update()" function (channels/chan_sip.c) when placing an established call on hold can be exploited to cause a crash via specially crafted packets.

Successful exploitation of this vulnerability requires that the setting mohinterpret=passthrough is set and that the call is placed on hold without a suggested music-on-hold class name.

2) An error in SCCP (Skinny) channel driver (channels/chan_skinny.c) when handling termination of a client's connection can be exploited to cause a crash by closing a connection to the server in certain call states.

The vulnerabilities are reported in versions 1.8.11-cert prior to 1.8.11-cert2, 1.8.x prior to 1.8.12.1, and 10.x prior to 10.4.1.

SOLUTION: Update to a fixed version.

Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) mgrobecker 2) Christoph Hebeisen

ORIGINAL ADVISORY: http://downloads.asterisk.org/pub/security/AST-2012-007.html http://downloads.asterisk.org/pub/security/AST-2012-008.html

OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-201206-0140",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "open source",
            scope: "eq",
            trust: 1.6,
            vendor: "asterisk",
            version: "10.0.0",
         },
         {
            model: "open source",
            scope: "eq",
            trust: 1.6,
            vendor: "asterisk",
            version: "10.1.0",
         },
         {
            model: "open source",
            scope: "eq",
            trust: 1.6,
            vendor: "asterisk",
            version: "10.2.0",
         },
         {
            model: "open source",
            scope: "eq",
            trust: 1,
            vendor: "asterisk",
            version: "1.8.2",
         },
         {
            model: "asterisk",
            scope: "lte",
            trust: 1,
            vendor: "sangoma",
            version: "10.4.0",
         },
         {
            model: "open source",
            scope: "eq",
            trust: 1,
            vendor: "asterisk",
            version: "1.8.8.0",
         },
         {
            model: "certified asterisk",
            scope: "eq",
            trust: 1,
            vendor: "asterisk",
            version: "1.8.11",
         },
         {
            model: "asterisk",
            scope: "lte",
            trust: 1,
            vendor: "sangoma",
            version: "1.8.12.0",
         },
         {
            model: "open source",
            scope: "eq",
            trust: 1,
            vendor: "asterisk",
            version: "1.8.6.0",
         },
         {
            model: "open source",
            scope: "eq",
            trust: 1,
            vendor: "asterisk",
            version: "1.8.11.0",
         },
         {
            model: "open source",
            scope: "eq",
            trust: 1,
            vendor: "asterisk",
            version: "1.8.7.0",
         },
         {
            model: "open source",
            scope: "eq",
            trust: 1,
            vendor: "asterisk",
            version: "1.8.9.0",
         },
         {
            model: "open source",
            scope: "eq",
            trust: 1,
            vendor: "asterisk",
            version: "10.3.0",
         },
         {
            model: "open source",
            scope: "eq",
            trust: 1,
            vendor: "asterisk",
            version: "10.4.0",
         },
         {
            model: "open source",
            scope: "eq",
            trust: 1,
            vendor: "asterisk",
            version: "1.8.5",
         },
         {
            model: "open source",
            scope: "eq",
            trust: 1,
            vendor: "asterisk",
            version: "1.8.0",
         },
         {
            model: "open source",
            scope: "eq",
            trust: 1,
            vendor: "asterisk",
            version: "1.8.10.0",
         },
         {
            model: "open source",
            scope: "eq",
            trust: 1,
            vendor: "asterisk",
            version: "1.8.3",
         },
         {
            model: "open source",
            scope: "eq",
            trust: 1,
            vendor: "asterisk",
            version: "1.8.1",
         },
         {
            model: "open source",
            scope: "eq",
            trust: 1,
            vendor: "asterisk",
            version: "10.3",
         },
         {
            model: "open source",
            scope: "eq",
            trust: 1,
            vendor: "asterisk",
            version: "1.8.12",
         },
         {
            model: "open source",
            scope: "eq",
            trust: 1,
            vendor: "asterisk",
            version: "1.8.12.0",
         },
         {
            model: "open source",
            scope: "eq",
            trust: 1,
            vendor: "asterisk",
            version: "1.8.5.0",
         },
         {
            model: "asterisk open source",
            scope: "lt",
            trust: 0.8,
            vendor: "digium",
            version: "1.8.x",
         },
         {
            model: "certified asterisk",
            scope: "lt",
            trust: 0.8,
            vendor: "digium",
            version: "1.8.11-cert",
         },
         {
            model: "certified asterisk",
            scope: "eq",
            trust: 0.8,
            vendor: "digium",
            version: "1.8.11-cert2",
         },
         {
            model: "asterisk open source",
            scope: "eq",
            trust: 0.8,
            vendor: "digium",
            version: "1.8.12.1",
         },
         {
            model: "asterisk open source",
            scope: "eq",
            trust: 0.8,
            vendor: "digium",
            version: "10.4.1",
         },
         {
            model: "asterisk open source",
            scope: "lt",
            trust: 0.8,
            vendor: "digium",
            version: "10.x",
         },
         {
            model: "linux",
            scope: null,
            trust: 0.3,
            vendor: "gentoo",
            version: null,
         },
         {
            model: "linux sparc",
            scope: "eq",
            trust: 0.3,
            vendor: "debian",
            version: "6.0",
         },
         {
            model: "linux s/390",
            scope: "eq",
            trust: 0.3,
            vendor: "debian",
            version: "6.0",
         },
         {
            model: "linux powerpc",
            scope: "eq",
            trust: 0.3,
            vendor: "debian",
            version: "6.0",
         },
         {
            model: "linux mips",
            scope: "eq",
            trust: 0.3,
            vendor: "debian",
            version: "6.0",
         },
         {
            model: "linux ia-64",
            scope: "eq",
            trust: 0.3,
            vendor: "debian",
            version: "6.0",
         },
         {
            model: "linux ia-32",
            scope: "eq",
            trust: 0.3,
            vendor: "debian",
            version: "6.0",
         },
         {
            model: "linux arm",
            scope: "eq",
            trust: 0.3,
            vendor: "debian",
            version: "6.0",
         },
         {
            model: "linux amd64",
            scope: "eq",
            trust: 0.3,
            vendor: "debian",
            version: "6.0",
         },
         {
            model: "certified asterisk 1.8.11-cert1",
            scope: null,
            trust: 0.3,
            vendor: "asterisk",
            version: null,
         },
         {
            model: "asterisk",
            scope: "eq",
            trust: 0.3,
            vendor: "asterisk",
            version: "10.0.1",
         },
         {
            model: "asterisk",
            scope: "eq",
            trust: 0.3,
            vendor: "asterisk",
            version: "10.0",
         },
         {
            model: "asterisk",
            scope: "eq",
            trust: 0.3,
            vendor: "asterisk",
            version: "1.8.82",
         },
         {
            model: "asterisk",
            scope: "eq",
            trust: 0.3,
            vendor: "asterisk",
            version: "1.8.42",
         },
         {
            model: "asterisk",
            scope: "eq",
            trust: 0.3,
            vendor: "asterisk",
            version: "1.8.41",
         },
         {
            model: "asterisk",
            scope: "eq",
            trust: 0.3,
            vendor: "asterisk",
            version: "1.8.24",
         },
         {
            model: "asterisk",
            scope: "eq",
            trust: 0.3,
            vendor: "asterisk",
            version: "1.8.1",
         },
         {
            model: "asterisk",
            scope: "eq",
            trust: 0.3,
            vendor: "asterisk",
            version: "1.8",
         },
         {
            model: "asterisk",
            scope: "eq",
            trust: 0.3,
            vendor: "asterisk",
            version: "10.3.1",
         },
         {
            model: "asterisk",
            scope: "eq",
            trust: 0.3,
            vendor: "asterisk",
            version: "10.3.0",
         },
         {
            model: "asterisk",
            scope: "eq",
            trust: 0.3,
            vendor: "asterisk",
            version: "10.2.1",
         },
         {
            model: "asterisk",
            scope: "eq",
            trust: 0.3,
            vendor: "asterisk",
            version: "10.2.0",
         },
         {
            model: "asterisk",
            scope: "eq",
            trust: 0.3,
            vendor: "asterisk",
            version: "1.8.7.2",
         },
         {
            model: "asterisk",
            scope: "eq",
            trust: 0.3,
            vendor: "asterisk",
            version: "1.8.7.1",
         },
         {
            model: "asterisk",
            scope: "eq",
            trust: 0.3,
            vendor: "asterisk",
            version: "1.8.4.4",
         },
         {
            model: "asterisk",
            scope: "eq",
            trust: 0.3,
            vendor: "asterisk",
            version: "1.8.4.3",
         },
         {
            model: "asterisk",
            scope: "eq",
            trust: 0.3,
            vendor: "asterisk",
            version: "1.8.3.3",
         },
         {
            model: "asterisk",
            scope: "eq",
            trust: 0.3,
            vendor: "asterisk",
            version: "1.8.3.1",
         },
         {
            model: "asterisk",
            scope: "eq",
            trust: 0.3,
            vendor: "asterisk",
            version: "1.8.2.1",
         },
         {
            model: "asterisk",
            scope: "eq",
            trust: 0.3,
            vendor: "asterisk",
            version: "1.8.11.1",
         },
         {
            model: "asterisk",
            scope: "eq",
            trust: 0.3,
            vendor: "asterisk",
            version: "1.8.11.0",
         },
         {
            model: "asterisk",
            scope: "eq",
            trust: 0.3,
            vendor: "asterisk",
            version: "1.8.10.1",
         },
         {
            model: "asterisk",
            scope: "eq",
            trust: 0.3,
            vendor: "asterisk",
            version: "1.8.10.0",
         },
         {
            model: "asterisk",
            scope: "eq",
            trust: 0.3,
            vendor: "asterisk",
            version: "1.8.1.2",
         },
         {
            model: "certified asterisk 1.8.11-cert2",
            scope: "ne",
            trust: 0.3,
            vendor: "asterisk",
            version: null,
         },
         {
            model: "asterisk",
            scope: "ne",
            trust: 0.3,
            vendor: "asterisk",
            version: "10.4.1",
         },
         {
            model: "asterisk",
            scope: "ne",
            trust: 0.3,
            vendor: "asterisk",
            version: "1.8.12.1",
         },
      ],
      sources: [
         {
            db: "BID",
            id: "53723",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2012-002590",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201205-525",
         },
         {
            db: "NVD",
            id: "CVE-2012-2948",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  cpe_match: [
                     {
                        cpe22Uri: "cpe:/a:digium:open_source",
                        vulnerable: true,
                     },
                     {
                        cpe22Uri: "cpe:/a:digium:certified_asterisk",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2012-002590",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Christoph Hebeisen",
      sources: [
         {
            db: "BID",
            id: "53723",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201205-525",
         },
      ],
      trust: 0.9,
   },
   cve: "CVE-2012-2948",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "SINGLE",
                  author: "nvd@nist.gov",
                  availabilityImpact: "PARTIAL",
                  baseScore: 4,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 8,
                  id: "CVE-2012-2948",
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  severity: "MEDIUM",
                  trust: 1.8,
                  vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P",
                  version: "2.0",
               },
            ],
            cvssV3: [],
            severity: [
               {
                  author: "nvd@nist.gov",
                  id: "CVE-2012-2948",
                  trust: 1,
                  value: "MEDIUM",
               },
               {
                  author: "NVD",
                  id: "CVE-2012-2948",
                  trust: 0.8,
                  value: "Medium",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-201205-525",
                  trust: 0.6,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2012-002590",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201205-525",
         },
         {
            db: "NVD",
            id: "CVE-2012-2948",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by closing a connection in off-hook mode. Asterisk is prone to a remote denial-of-service vulnerability. \nAttackers can exploit this issue to trigger a NULL-pointer dereference and cause a system crash, denying service to legitimate users. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201206-05\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: Asterisk: Multiple vulnerabilities\n     Date: June 21, 2012\n     Bugs: #413353, #418189, #418191\n       ID: 201206-05\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities in Asterisk might allow remote attackers to\nexecute arbitrary code. \n\nBackground\n==========\n\nAsterisk is an open source telephony engine and toolkit. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  net-misc/asterisk           < 1.8.12.1               >= 1.8.12.1\n\nDescription\n===========\n\nMultiple vulnerabilities have been found in Asterisk:\n\n* An error in manager.c allows shell access through the MixMonitor\n  application, GetVar, or Status (CVE-2012-2414). \n* An error in chan_skinny.c could cause a heap-based buffer overflow\n  (CVE-2012-2415). \n* An error in chan_sip.c prevents Asterisk from checking if a channel\n  exists before connected line updates (CVE-2012-2416). \n* An error in chan_iax2.c may cause an invalid pointer to be called\n  (CVE-2012-2947). \n* chan_skinny.c contains a NULL pointer dereference (CVE-2012-2948). \n\nImpact\n======\n\nA remote attacker could execute arbitrary code with the privileges of\nthe process or cause a Denial of Service condition. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Asterisk users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \">=net-misc/asterisk-1.8.12.1\"\n\nReferences\n==========\n\n[ 1 ] CVE-2012-2414\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2414\n[ 2 ] CVE-2012-2415\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2415\n[ 3 ] CVE-2012-2416\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2416\n[ 4 ] CVE-2012-2947\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2947\n[ 5 ] CVE-2012-2948\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2948\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201206-05.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users' machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. When an SCCP client     \n                 closes its connection to the server, a pointer in a          \n                 structure is set to Null. If the client was not in the       \n                 on-hook state at the time the connection was closed, this    \n                 pointer is later dereferenced. \"Off hook\") to crash     \n                 the server. Successful exploitation of this vulnerability    \n                 would result in termination of the server, causing denial    \n                 of service to legitimate users.\"                             \n\n    Resolution  The pointer to the device in the structure is now checked     \n                before it is dereferenced in the channel event callbacks and  \n                message handling functions.                                   \n\n                               Affected Versions\n                Product              Release Series  \n         Asterisk Open Source            1.8.x       All Versions             \n         Asterisk Open Source             10.x       All Versions             \n          Certified Asterisk          1.8.11-cert    1.8.11-cert1             \n\n                                  Corrected In\n                   Product                              Release               \n            Asterisk Open Source                   1.8.12.1, 10.4.1           \n             Certified Asterisk                      1.8.11-cert2             \n\n                                       Patches                           \n                                SVN URL                                    Revision   \nhttp://downloads.asterisk.org/pub/security/AST-2012-008-1.8.diff         v1.8         \nhttp://downloads.asterisk.org/pub/security/AST-2012-008-10.diff          v10          \nhttp://downloads.asterisk.org/pub/security/AST-2012-008-1.8.11-cert.diff v1.8.11-cert \n\n       Links     https://issues.asterisk.org/jira/browse/ASTERISK-19905       \n\n    Asterisk Project Security Advisories are posted at                        \n    http://www.asterisk.org/security                                          \n                                                                              \n    This document may be superseded by later versions; if so, the latest      \n    version will be posted at                                                 \n    http://downloads.digium.com/pub/security/AST-2012-008.pdf and             \n    http://downloads.digium.com/pub/security/AST-2012-008.html                \n\n                                Revision History\n          Date                  Editor                 Revisions Made         \n    05/25/2012         Matt Jordan               Initial Release              \n\n               Asterisk Project Security Advisory - AST-2012-008\n              Copyright (c) 2012 Digium, Inc. All Rights Reserved. \n  Permission is hereby granted to distribute and publish this advisory in its\n                           original, unaltered form. \n\n_______________________________________________\nFull-Disclosure - We believe in it. \n\nIn addition, it was discovered that Asterisk does not set the\nalwaysauthreject option by default in the SIP channel driver.  This\nallows remote attackers to observe a difference in response behavior\nand check for the presence of account names.  (CVE-2011-2666)  System\nadministrators concerned by this user enumerating vulnerability should\nenable the alwaysauthreject option in the configuration.  We do not\nplan to change the default setting in the stable version\n(Asterisk 1.6) in order to preserve backwards compatibility. \n\nFor the testing distribution (wheezy) and the unstable distribution\n(sid), this problem has been fixed in version 1:1.8.13.0~dfsg-1. \n\nWe recommend that you upgrade your asterisk packages. \n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.10 (GNU/Linux)\n\niQEcBAEBAgAGBQJP15u9AAoJEL97/wQC1SS+Pu0H/0ZPFRSNpL+hJKd7b5FGF6al\nBZSp51eAC0d2mEFWMml4DAvx6u1gMPzrO9PPNgsEc6gxNyD4Stj+rF54h6X5i5NR\nZSlyeQTQ292J18+LdANYWwxQJyzNNthNmYL/2AiR6z2BRnD3ZqHiPbWGv0FV4Vyw\nrT8fZ7ujp7CQlFGwcqjPxUzBqEq5U2raN2K9BoP6zpu8mHf9WzcmL4KZR/wJxMkf\n04McrMttF++gM3atFSSXCWC5Bpj8q0xpr3YIv0dI8+fWPFpevNX2MBM+diS06iNc\nPUWfCPTy2Psl46dC3J+JeF8TPWE/HCmV98DD54DEv0R1tPUmNm362dtfiutiBbQ=\n=Wy1e\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. ----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. \nDownload it here!\nhttp://secunia.com/psi_30_beta_launch\n\n----------------------------------------------------------------------\n\nTITLE:\nAsterisk Two Denial of Service Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA49303\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/49303/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory&vuln_id=49303\n\nRELEASE DATE:\n2012-05-30\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/49303/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/49303/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory&vuln_id=49303\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nTwo vulnerabilities have been reported in Asterisk, which can be\nexploited by malicious people to cause a DoS (Denial of Service). \n\n1) An error in IAX2 channel driver within the\n\"handle_request_update()\" function (channels/chan_sip.c) when placing\nan established call on hold can be exploited to cause a crash via\nspecially crafted packets. \n\nSuccessful exploitation of this vulnerability requires that the\nsetting mohinterpret=passthrough is set and that the call is placed\non hold without a suggested music-on-hold class name. \n\n2) An error in SCCP (Skinny) channel driver (channels/chan_skinny.c)\nwhen handling termination of a client's connection can be exploited\nto cause a crash by closing a connection to the server in certain\ncall states. \n\nThe vulnerabilities are reported in versions 1.8.11-cert prior to\n1.8.11-cert2, 1.8.x prior to 1.8.12.1, and 10.x prior to 10.4.1. \n\nSOLUTION:\nUpdate to a fixed version. \n\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits:\n1) mgrobecker\n2) Christoph Hebeisen\n\nORIGINAL ADVISORY:\nhttp://downloads.asterisk.org/pub/security/AST-2012-007.html\nhttp://downloads.asterisk.org/pub/security/AST-2012-008.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
      sources: [
         {
            db: "NVD",
            id: "CVE-2012-2948",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2012-002590",
         },
         {
            db: "BID",
            id: "53723",
         },
         {
            db: "PACKETSTORM",
            id: "113979",
         },
         {
            db: "PACKETSTORM",
            id: "113113",
         },
         {
            db: "PACKETSTORM",
            id: "113546",
         },
         {
            db: "PACKETSTORM",
            id: "113124",
         },
      ],
      trust: 2.25,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2012-2948",
            trust: 3,
         },
         {
            db: "BID",
            id: "53723",
            trust: 1.9,
         },
         {
            db: "SECUNIA",
            id: "49303",
            trust: 1.7,
         },
         {
            db: "SECTRACK",
            id: "1027103",
            trust: 1,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2012-002590",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-201205-525",
            trust: 0.6,
         },
         {
            db: "PACKETSTORM",
            id: "113979",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "113113",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "113546",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "113124",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "BID",
            id: "53723",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2012-002590",
         },
         {
            db: "PACKETSTORM",
            id: "113979",
         },
         {
            db: "PACKETSTORM",
            id: "113113",
         },
         {
            db: "PACKETSTORM",
            id: "113546",
         },
         {
            db: "PACKETSTORM",
            id: "113124",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201205-525",
         },
         {
            db: "NVD",
            id: "CVE-2012-2948",
         },
      ],
   },
   id: "VAR-201206-0140",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.348297215,
   },
   last_update_date: "2024-11-23T21:02:58.171000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "AST-2012-008",
            trust: 0.8,
            url: "http://downloads.asterisk.org/pub/security/AST-2012-008.html",
         },
         {
            title: "DSA-2493",
            trust: 0.8,
            url: "http://www.debian.org/security/2012/dsa-2493",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2012-002590",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-399",
            trust: 1.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2012-002590",
         },
         {
            db: "NVD",
            id: "CVE-2012-2948",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.7,
            url: "http://downloads.asterisk.org/pub/security/ast-2012-008.html",
         },
         {
            trust: 1.6,
            url: "http://www.securityfocus.com/bid/53723",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/49303",
         },
         {
            trust: 1,
            url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/75937",
         },
         {
            trust: 1,
            url: "http://archives.neohapsis.com/archives/bugtraq/2012-05/0145.html",
         },
         {
            trust: 1,
            url: "http://www.debian.org/security/2012/dsa-2493",
         },
         {
            trust: 1,
            url: "http://www.securitytracker.com/id?1027103",
         },
         {
            trust: 0.8,
            url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2948",
         },
         {
            trust: 0.8,
            url: "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-2948",
         },
         {
            trust: 0.3,
            url: "http://www.asterisk.org/",
         },
         {
            trust: 0.3,
            url: "http://downloads.asterisk.org/pub/security/ast-2012-008.pdf",
         },
         {
            trust: 0.3,
            url: "https://nvd.nist.gov/vuln/detail/cve-2012-2948",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2012-2947",
         },
         {
            trust: 0.2,
            url: "http://secunia.com/",
         },
         {
            trust: 0.2,
            url: "http://lists.grok.org.uk/full-disclosure-charter.html",
         },
         {
            trust: 0.1,
            url: "http://creativecommons.org/licenses/by-sa/2.5",
         },
         {
            trust: 0.1,
            url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-2948",
         },
         {
            trust: 0.1,
            url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-2415",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2012-2415",
         },
         {
            trust: 0.1,
            url: "http://security.gentoo.org/glsa/glsa-201206-05.xml",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2012-2414",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2012-2416",
         },
         {
            trust: 0.1,
            url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-2947",
         },
         {
            trust: 0.1,
            url: "http://security.gentoo.org/",
         },
         {
            trust: 0.1,
            url: "https://bugs.gentoo.org.",
         },
         {
            trust: 0.1,
            url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-2414",
         },
         {
            trust: 0.1,
            url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-2416",
         },
         {
            trust: 0.1,
            url: "http://www.asterisk.org/security",
         },
         {
            trust: 0.1,
            url: "https://issues.asterisk.org/jira/browse/asterisk-19905",
         },
         {
            trust: 0.1,
            url: "http://downloads.asterisk.org/pub/security/ast-2012-008-1.8.diff",
         },
         {
            trust: 0.1,
            url: "http://downloads.digium.com/pub/security/ast-2012-008.html",
         },
         {
            trust: 0.1,
            url: "http://downloads.digium.com/pub/security/ast-2012-008.pdf",
         },
         {
            trust: 0.1,
            url: "http://downloads.asterisk.org/pub/security/ast-2012-008-10.diff",
         },
         {
            trust: 0.1,
            url: "http://downloads.asterisk.org/pub/security/ast-2012-008-1.8.11-cert.diff",
         },
         {
            trust: 0.1,
            url: "http://www.debian.org/security/faq",
         },
         {
            trust: 0.1,
            url: "http://www.debian.org/security/",
         },
         {
            trust: 0.1,
            url: "https://ca.secunia.com/?page=viewadvisory&vuln_id=49303",
         },
         {
            trust: 0.1,
            url: "http://secunia.com/advisories/49303/",
         },
         {
            trust: 0.1,
            url: "http://secunia.com/psi_30_beta_launch",
         },
         {
            trust: 0.1,
            url: "http://secunia.com/vulnerability_intelligence/",
         },
         {
            trust: 0.1,
            url: "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/",
         },
         {
            trust: 0.1,
            url: "http://secunia.com/advisories/secunia_security_advisories/",
         },
         {
            trust: 0.1,
            url: "http://secunia.com/vulnerability_scanning/personal/",
         },
         {
            trust: 0.1,
            url: "http://downloads.asterisk.org/pub/security/ast-2012-007.html",
         },
         {
            trust: 0.1,
            url: "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org",
         },
         {
            trust: 0.1,
            url: "http://secunia.com/advisories/49303/#comments",
         },
         {
            trust: 0.1,
            url: "http://secunia.com/advisories/about_secunia_advisories/",
         },
      ],
      sources: [
         {
            db: "BID",
            id: "53723",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2012-002590",
         },
         {
            db: "PACKETSTORM",
            id: "113979",
         },
         {
            db: "PACKETSTORM",
            id: "113113",
         },
         {
            db: "PACKETSTORM",
            id: "113546",
         },
         {
            db: "PACKETSTORM",
            id: "113124",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201205-525",
         },
         {
            db: "NVD",
            id: "CVE-2012-2948",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "BID",
            id: "53723",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2012-002590",
         },
         {
            db: "PACKETSTORM",
            id: "113979",
         },
         {
            db: "PACKETSTORM",
            id: "113113",
         },
         {
            db: "PACKETSTORM",
            id: "113546",
         },
         {
            db: "PACKETSTORM",
            id: "113124",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201205-525",
         },
         {
            db: "NVD",
            id: "CVE-2012-2948",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2012-05-29T00:00:00",
            db: "BID",
            id: "53723",
         },
         {
            date: "2012-06-05T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2012-002590",
         },
         {
            date: "2012-06-21T04:39:39",
            db: "PACKETSTORM",
            id: "113979",
         },
         {
            date: "2012-05-29T23:38:21",
            db: "PACKETSTORM",
            id: "113113",
         },
         {
            date: "2012-06-12T20:50:36",
            db: "PACKETSTORM",
            id: "113546",
         },
         {
            date: "2012-05-30T03:42:47",
            db: "PACKETSTORM",
            id: "113124",
         },
         {
            date: "2012-05-29T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201205-525",
         },
         {
            date: "2012-06-02T15:55:01.027000",
            db: "NVD",
            id: "CVE-2012-2948",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2012-06-22T00:10:00",
            db: "BID",
            id: "53723",
         },
         {
            date: "2012-06-27T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2012-002590",
         },
         {
            date: "2012-06-04T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201205-525",
         },
         {
            date: "2024-11-21T01:40:00.380000",
            db: "NVD",
            id: "CVE-2012-2948",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "PACKETSTORM",
            id: "113979",
         },
         {
            db: "PACKETSTORM",
            id: "113113",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201205-525",
         },
      ],
      trust: 0.8,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Certified Asterisk and  Asterisk Open Source Service disruption in  (DoS) Vulnerabilities",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2012-002590",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "resource management error",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-201205-525",
         },
      ],
      trust: 0.6,
   },
}

ghsa-chr5-w9ff-5gcw

Vulnerability from github

Published

2022-05-17 01:44

Modified

2022-05-17 01:44

Details

Show details on source website

JSON

To clipboard

{
   affected: [],
   aliases: [
      "CVE-2012-2948",
   ],
   database_specific: {
      cwe_ids: [],
      github_reviewed: false,
      github_reviewed_at: null,
      nvd_published_at: "2012-06-02T15:55:00Z",
      severity: "MODERATE",
   },
   details: "chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by closing a connection in off-hook mode.",
   id: "GHSA-chr5-w9ff-5gcw",
   modified: "2022-05-17T01:44:57Z",
   published: "2022-05-17T01:44:57Z",
   references: [
      {
         type: "ADVISORY",
         url: "https://nvd.nist.gov/vuln/detail/CVE-2012-2948",
      },
      {
         type: "WEB",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/75937",
      },
      {
         type: "WEB",
         url: "http://archives.neohapsis.com/archives/bugtraq/2012-05/0145.html",
      },
      {
         type: "WEB",
         url: "http://downloads.asterisk.org/pub/security/AST-2012-008.html",
      },
      {
         type: "WEB",
         url: "http://secunia.com/advisories/49303",
      },
      {
         type: "WEB",
         url: "http://www.debian.org/security/2012/dsa-2493",
      },
      {
         type: "WEB",
         url: "http://www.securityfocus.com/bid/53723",
      },
      {
         type: "WEB",
         url: "http://www.securitytracker.com/id?1027103",
      },
   ],
   schema_version: "1.4.0",
   severity: [],
}

fkie_cve-2012-2948

Vulnerability from fkie_nvd

Published

2012-06-02 15:55

Modified

2025-04-11 00:51

Severity ?

Summary

References

▼	URL	Tags
	cve@mitre.org	http://archives.neohapsis.com/archives/bugtraq/2012-05/0145.html
	cve@mitre.org	http://downloads.asterisk.org/pub/security/AST-2012-008.html
	cve@mitre.org	http://secunia.com/advisories/49303
	cve@mitre.org	http://www.debian.org/security/2012/dsa-2493
	cve@mitre.org	http://www.securityfocus.com/bid/53723
	cve@mitre.org	http://www.securitytracker.com/id?1027103
	cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/75937
	af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/bugtraq/2012-05/0145.html
	af854a3a-2127-422b-91ae-364da2661108	http://downloads.asterisk.org/pub/security/AST-2012-008.html
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/49303
	af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2012/dsa-2493
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/53723
	af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1027103
	af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/75937

Impacted products

Vendor	Product	Version
asterisk	certified_asterisk	1.8.11
asterisk	certified_asterisk	1.8.11
asterisk	open_source	1.8.0
asterisk	open_source	1.8.0
asterisk	open_source	1.8.0
asterisk	open_source	1.8.0
asterisk	open_source	1.8.0
asterisk	open_source	1.8.0
asterisk	open_source	1.8.0
asterisk	open_source	1.8.0
asterisk	open_source	1.8.0
asterisk	open_source	1.8.0
asterisk	open_source	1.8.0
asterisk	open_source	1.8.1
asterisk	open_source	1.8.1
asterisk	open_source	1.8.2
asterisk	open_source	1.8.2
asterisk	open_source	1.8.3
asterisk	open_source	1.8.5
asterisk	open_source	1.8.5.0
asterisk	open_source	1.8.6.0
asterisk	open_source	1.8.6.0
asterisk	open_source	1.8.6.0
asterisk	open_source	1.8.6.0
asterisk	open_source	1.8.7.0
asterisk	open_source	1.8.7.0
asterisk	open_source	1.8.7.0
asterisk	open_source	1.8.8.0
asterisk	open_source	1.8.8.0
asterisk	open_source	1.8.8.0
asterisk	open_source	1.8.8.0
asterisk	open_source	1.8.8.0
asterisk	open_source	1.8.8.0
asterisk	open_source	1.8.9.0
asterisk	open_source	1.8.9.0
asterisk	open_source	1.8.9.0
asterisk	open_source	1.8.9.0
asterisk	open_source	1.8.10.0
asterisk	open_source	1.8.10.0
asterisk	open_source	1.8.10.0
asterisk	open_source	1.8.10.0
asterisk	open_source	1.8.10.0
asterisk	open_source	1.8.11.0
asterisk	open_source	1.8.11.0
asterisk	open_source	1.8.11.0
asterisk	open_source	1.8.12
asterisk	open_source	1.8.12.0
asterisk	open_source	1.8.12.0
asterisk	open_source	1.8.12.0
sangoma	asterisk	*
asterisk	open_source	10.0.0
asterisk	open_source	10.0.0
asterisk	open_source	10.0.0
asterisk	open_source	10.0.0
asterisk	open_source	10.0.0
asterisk	open_source	10.0.0
asterisk	open_source	10.1.0
asterisk	open_source	10.1.0
asterisk	open_source	10.1.0
asterisk	open_source	10.2.0
asterisk	open_source	10.2.0
asterisk	open_source	10.2.0
asterisk	open_source	10.2.0
asterisk	open_source	10.2.0
asterisk	open_source	10.3
asterisk	open_source	10.3.0
asterisk	open_source	10.3.0
asterisk	open_source	10.3.0
asterisk	open_source	10.4.0
asterisk	open_source	10.4.0
asterisk	open_source	10.4.0
sangoma	asterisk	*

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:asterisk:certified_asterisk:1.8.11:cert:*:*:*:*:*:*",
                     matchCriteriaId: "4889B1B5-5160-476E-A1C0-BEAE63C85CEA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:asterisk:certified_asterisk:1.8.11:cert1:*:*:*:*:*:*",
                     matchCriteriaId: "62867AEF-D685-4B1F-8AB9-D1CCAC559821",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:asterisk:open_source:1.8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "ACE48FBD-2560-4477-ABD2-C90729523BC1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:asterisk:open_source:1.8.0:beta1:*:*:*:*:*:*",
                     matchCriteriaId: "97F03C40-6B70-41D1-96CF-DD5F2924D0C5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:asterisk:open_source:1.8.0:beta2:*:*:*:*:*:*",
                     matchCriteriaId: "B8F0B6E3-37B8-4780-BB17-D471A7AB7E58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:asterisk:open_source:1.8.0:beta3:*:*:*:*:*:*",
                     matchCriteriaId: "445941A9-EE2C-45C0-BCEB-9EC7F9F9439D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:asterisk:open_source:1.8.0:beta4:*:*:*:*:*:*",
                     matchCriteriaId: "7C60A84B-E0BC-491B-B6E6-76E658BB91EC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:asterisk:open_source:1.8.0:beta5:*:*:*:*:*:*",
                     matchCriteriaId: "035B04BC-C132-4CF6-9FE4-561A4104F392",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:asterisk:open_source:1.8.0:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "E21DF0C9-16E4-44B0-8749-85F7F245A87A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:asterisk:open_source:1.8.0:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "AE6A2723-FAE7-4A87-A2A3-E94D9CC2DCB5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:asterisk:open_source:1.8.0:rc3:*:*:*:*:*:*",
                     matchCriteriaId: "37612FE6-C8B7-4925-81F5-ADB82A8F101E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:asterisk:open_source:1.8.0:rc4:*:*:*:*:*:*",
                     matchCriteriaId: "92181940-ED5C-442C-82BA-4F0F233FB11B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:asterisk:open_source:1.8.0:rc5:*:*:*:*:*:*",
                     matchCriteriaId: "28EEF1DB-00C6-4DFC-BB48-C4A308F60DAD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:asterisk:open_source:1.8.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "67CE3E94-341F-4D0C-937E-39B119925C9A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:asterisk:open_source:1.8.1:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "5C721635-2801-40E8-B5FE-734054D718D3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:asterisk:open_source:1.8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "15ED9311-9E4E-4998-BD99-CDEB8E4F2C74",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:asterisk:open_source:1.8.2:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "815F7045-FC6D-4D57-A7AE-F63B0FC67251",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:asterisk:open_source:1.8.3:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "09918CFC-C6A0-45ED-91EA-A4D9295C6CBA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:asterisk:open_source:1.8.5:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "A7D38CAA-BECD-4FD7-8E42-72CB2B1DC699",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:asterisk:open_source:1.8.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4F211C14-8E50-4FB7-82EA-FE6975290DE1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:asterisk:open_source:1.8.6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "0698EDFB-D156-4572-9008-0243FA6FD2FC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:asterisk:open_source:1.8.6.0:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "16350161-9CF1-4AD3-954C-598D249CF962",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:asterisk:open_source:1.8.6.0:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "24EB6F7B-AD3C-42A2-B811-3CF3EEDD8438",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:asterisk:open_source:1.8.6.0:rc3:*:*:*:*:*:*",
                     matchCriteriaId: "7AC55C54-7AD7-49BE-A050-DC6878391208",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:asterisk:open_source:1.8.7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "1B208EBB-0387-4223-A196-CE142E6B908B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:asterisk:open_source:1.8.7.0:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "095BF874-0E0B-4F8F-8A11-ED096DD3A824",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:asterisk:open_source:1.8.7.0:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "4067E71D-93A8-4B56-AE4A-FCB6E31577E6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:asterisk:open_source:1.8.8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "779DEAC5-CBC7-4844-9A2E-97AEB49704EB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "913D2C84-B987-4DEE-8F9E-0FDF14BECE2E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "63889FD0-714B-4E02-8F34-00E4857A544A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc3:*:*:*:*:*:*",
                     matchCriteriaId: "A15B538D-DC9D-46B4-A455-341E8A2831E4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc4:*:*:*:*:*:*",
                     matchCriteriaId: "8FE32479-5D98-443F-8FA9-F6281726BDF9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:asterisk:open_source:1.8.8.0:rc5:*:*:*:*:*:*",
                     matchCriteriaId: "78841A3E-7D56-4737-9815-E1144FD0A44A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:asterisk:open_source:1.8.9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "CC295454-D897-425C-BFC8-91A72865A132",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:asterisk:open_source:1.8.9.0:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "3830A3E2-09A1-487E-8EFA-27F8B4C61CB4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:asterisk:open_source:1.8.9.0:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "CAC942FB-83A2-4698-B410-F4C6AED0849A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:asterisk:open_source:1.8.9.0:rc3:*:*:*:*:*:*",
                     matchCriteriaId: "86ED40AD-0A52-4B4C-B4CA-F8D1A4CAF866",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:asterisk:open_source:1.8.10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07FC62DE-74D3-42A9-94E8-6DCE62F3D2B6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "39E78E52-2AA4-42A5-9CE6-22DF2CF01704",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "3DF04D4C-DFED-4E71-BA0C-854823BB41CC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc3:*:*:*:*:*:*",
                     matchCriteriaId: "518A8882-B1A6-408E-9B39-F01034A50190",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:asterisk:open_source:1.8.10.0:rc4:*:*:*:*:*:*",
                     matchCriteriaId: "2EBBB850-2AE6-4EC1-993F-AD7AF2E80008",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:asterisk:open_source:1.8.11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E1075D5D-5F81-4E26-90B0-60659B8D36B6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:asterisk:open_source:1.8.11.0:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "6880B042-11B1-430F-90A1-70F93FC5BAF2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:asterisk:open_source:1.8.11.0:rc3:*:*:*:*:*:*",
                     matchCriteriaId: "0F074B06-6788-47AB-8C39-BA5E2E39ACC4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:asterisk:open_source:1.8.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "1ACB7C4A-7CF7-4D57-B65D-741AFA6393EC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:asterisk:open_source:1.8.12.0:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "85522E25-E76C-4CCF-AB7C-A74E1703D919",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:asterisk:open_source:1.8.12.0:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "AC3BE912-0B42-416B-A0E2-B17FDF07BAAB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:asterisk:open_source:1.8.12.0:rc3:*:*:*:*:*:*",
                     matchCriteriaId: "4FC9C2FB-A77B-4242-B4A1-92112E1C19B2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FB8D9B19-BD1E-4E1C-A1C3-6C64A6612233",
                     versionEndIncluding: "1.8.12.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:asterisk:open_source:10.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "33DD2B8E-6AB1-45CD-85F5-E0F5234585BF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:asterisk:open_source:10.0.0:beta1:*:*:*:*:*:*",
                     matchCriteriaId: "52BDDAC0-5CEE-4054-8930-EAF25FE528FD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:asterisk:open_source:10.0.0:beta2:*:*:*:*:*:*",
                     matchCriteriaId: "1CEB28DD-EAEA-45AF-8D7B-09E93AFABA49",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:asterisk:open_source:10.0.0:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "12BCF63F-DA77-48A1-861D-F6E710E3CA16",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:asterisk:open_source:10.0.0:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "AD0D03FF-3FF6-40D0-A78E-CBDEA4FE4F14",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:asterisk:open_source:10.0.0:rc3:*:*:*:*:*:*",
                     matchCriteriaId: "66666CD2-8921-4641-AD72-21F4386DC731",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:asterisk:open_source:10.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "0C549DD5-68F9-44FC-92B9-09A0E6F87315",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:asterisk:open_source:10.1.0:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "51407A8B-AF19-43FA-8D57-A6A35D465D1E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:asterisk:open_source:10.1.0:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "911CCAF6-6E29-43B6-AF76-909016CD46ED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:asterisk:open_source:10.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "7B46E218-9EFA-4224-BC5D-1A2F38559E38",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:asterisk:open_source:10.2.0:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "6F1F43E8-6159-46FA-8BF5-360EA9D466BA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:asterisk:open_source:10.2.0:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "F75E0A69-9251-4CE1-9E83-188F0D35DEFC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:asterisk:open_source:10.2.0:rc3:*:*:*:*:*:*",
                     matchCriteriaId: "17E6BD3C-B88D-4C80-B77F-2A95767B9A71",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:asterisk:open_source:10.2.0:rc4:*:*:*:*:*:*",
                     matchCriteriaId: "3AC1C9EC-A84F-401B-BF59-F4938B6A2F59",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:asterisk:open_source:10.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCB76519-FD6D-4D74-8DF7-719822588C12",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:asterisk:open_source:10.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "A6AB0DE5-0843-4A7A-A1C9-2FD7924FBEDC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:asterisk:open_source:10.3.0:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "335F9C06-5E40-4E14-B018-15151E14414D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:asterisk:open_source:10.3.0:rc3:*:*:*:*:*:*",
                     matchCriteriaId: "9E8F15FB-C6B5-4A4F-A7AD-E2BF0162D1DF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:asterisk:open_source:10.4.0:rc1:*:*:*:*:*:*",
                     matchCriteriaId: "9DEA8945-9ACD-4CE7-A5E6-5207E16C663E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:asterisk:open_source:10.4.0:rc2:*:*:*:*:*:*",
                     matchCriteriaId: "B2A7FC21-74FF-48BF-9BA8-A143FCB2BF3A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:asterisk:open_source:10.4.0:rc3:*:*:*:*:*:*",
                     matchCriteriaId: "C4FCD6B4-ED33-424F-AD30-64227894B0B8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8E7D4883-79E3-4DD1-A555-136A0664E94E",
                     versionEndIncluding: "10.4.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by closing a connection in off-hook mode.",
      },
      {
         lang: "es",
         value: "chan_skinny.c en el controlador de canal de Skinny (alias SCCP) en Certified Asterisk 1.8.11-cert antes de v1.8.11-cert2 y Asterisk Open Source v1.8.x antes de v1.8.12.1 y v10.x antes de v10.4.1, permite a usuarios autenticados remotamente provocar una denegación de servicio (eliminar la referencia del puntero NULL y caída demonio) por el cierre de una conexión en el modo de descuelgue.",
      },
   ],
   id: "CVE-2012-2948",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 4,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2012-06-02T15:55:01.027",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://archives.neohapsis.com/archives/bugtraq/2012-05/0145.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://downloads.asterisk.org/pub/security/AST-2012-008.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/49303",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.debian.org/security/2012/dsa-2493",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/53723",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securitytracker.com/id?1027103",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/75937",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://archives.neohapsis.com/archives/bugtraq/2012-05/0145.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://downloads.asterisk.org/pub/security/AST-2012-008.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/49303",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.debian.org/security/2012/dsa-2493",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/53723",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id?1027103",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/75937",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-399",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2012-2948

Vulnerability from cvelistv5

gsd-2012-2948

Vulnerability from gsd

var-201206-0140

Vulnerability from variot

Synopsis

Background

Affected packages

Description

Impact

Workaround

Resolution

References

Availability

Concerns?

License

ghsa-chr5-w9ff-5gcw

Vulnerability from github

fkie_cve-2012-2948

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature