CVE-2012-0885

Exploit

EPSS 1.06%
Veröffentlicht 25.01.2012 15:55:01
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

chan_sip.c in Asterisk Open Source 1.8.x before 1.8.8.2 and 10.x before 10.0.1, when the res_srtp module is used and media support is improperly configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted SDP message with a crypto attribute and a (1) video or (2) text media type, as demonstrated by CSipSimple.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Asterisk ≫ Open Source Version1.8.0

Asterisk ≫ Open Source Version1.8.0 Updatebeta1

Asterisk ≫ Open Source Version1.8.0 Updatebeta2

Asterisk ≫ Open Source Version1.8.0 Updatebeta3

Asterisk ≫ Open Source Version1.8.0 Updatebeta4

Asterisk ≫ Open Source Version1.8.0 Updatebeta5

Asterisk ≫ Open Source Version1.8.0 Updaterc2

Asterisk ≫ Open Source Version1.8.0 Updaterc3

Asterisk ≫ Open Source Version1.8.0 Updaterc4

Asterisk ≫ Open Source Version1.8.0 Updaterc5

Asterisk ≫ Open Source Version1.8.1

Asterisk ≫ Open Source Version1.8.1 Updaterc1

Asterisk ≫ Open Source Version1.8.1.1

Asterisk ≫ Open Source Version1.8.1.2

Asterisk ≫ Open Source Version1.8.2

Asterisk ≫ Open Source Version1.8.2 Updaterc1

Asterisk ≫ Open Source Version1.8.2.1

Asterisk ≫ Open Source Version1.8.2.2

Asterisk ≫ Open Source Version1.8.2.3

Asterisk ≫ Open Source Version1.8.2.4

Asterisk ≫ Open Source Version1.8.3

Asterisk ≫ Open Source Version1.8.3 Updaterc1

Asterisk ≫ Open Source Version1.8.3 Updaterc2

Asterisk ≫ Open Source Version1.8.3 Updaterc3

Asterisk ≫ Open Source Version1.8.3.1

Asterisk ≫ Open Source Version1.8.3.2

Asterisk ≫ Open Source Version1.8.3.3

Asterisk ≫ Open Source Version1.8.4

Asterisk ≫ Open Source Version1.8.4 Updaterc1

Asterisk ≫ Open Source Version1.8.4 Updaterc2

Asterisk ≫ Open Source Version1.8.4 Updaterc3

Asterisk ≫ Open Source Version1.8.4.1

Asterisk ≫ Open Source Version1.8.4.2

Asterisk ≫ Open Source Version1.8.4.3

Asterisk ≫ Open Source Version1.8.4.4

Asterisk ≫ Open Source Version1.8.5 Updaterc1

Asterisk ≫ Open Source Version1.8.5.0

Asterisk ≫ Open Source Version1.8.6.0

Asterisk ≫ Open Source Version1.8.6.0 Updaterc1

Asterisk ≫ Open Source Version1.8.6.0 Updaterc2

Asterisk ≫ Open Source Version1.8.6.0 Updaterc3

Asterisk ≫ Open Source Version1.8.7.0

Asterisk ≫ Open Source Version1.8.7.0 Updaterc1

Asterisk ≫ Open Source Version1.8.7.0 Updaterc2

Asterisk ≫ Open Source Version1.8.7.1

Asterisk ≫ Open Source Version1.8.7.2

Asterisk ≫ Open Source Version1.8.8.0

Asterisk ≫ Open Source Version1.8.8.0 Updaterc1

Asterisk ≫ Open Source Version1.8.8.0 Updaterc2

Asterisk ≫ Open Source Version1.8.8.0 Updaterc3

Asterisk ≫ Open Source Version1.8.8.0 Updaterc4

Asterisk ≫ Open Source Version1.8.8.0 Updaterc5

Asterisk ≫ Open Source Version1.8.8.1

Asterisk ≫ Open Source Version10.0.0

Asterisk ≫ Open Source Version10.0.0 Updatebeta1

Asterisk ≫ Open Source Version10.0.0 Updatebeta2

Asterisk ≫ Open Source Version10.0.0 Updaterc1

Asterisk ≫ Open Source Version10.0.0 Updaterc2

Asterisk ≫ Open Source Version10.0.0 Updaterc3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.06%	0.756

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P

http://downloads.asterisk.org/pub/security/AST-2012-001-1.8.diff

Patch

http://downloads.asterisk.org/pub/security/AST-2012-001-10.diff

Patch

http://downloads.asterisk.org/pub/security/AST-2012-001.html

Vendor Advisory

http://www.openwall.com/lists/oss-security/2012/01/20/16

http://www.openwall.com/lists/oss-security/2012/01/20/18

https://bugzilla.redhat.com/show_bug.cgi?id=783487

https://issues.asterisk.org/jira/browse/ASTERISK-19202

https://issues.asterisk.org/jira/secure/attachment/42202/issueA19202_crypto_if_uninited_text_or_video.patch

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2012-0885

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-0885

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-0885

EUVD