4
CVE-2012-3863
- EPSS 7.19%
- Published 09.07.2012 10:20:44
- Last modified 11.04.2025 00:51:21
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Asterisk Business Edition C.3.x before C.3.7.5, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones does not properly handle a provisional response to a SIP reINVITE request, which allows remote authenticated users to cause a denial of service (RTP port exhaustion) via sessions that lack final responses.
Data is provided by the National Vulnerability Database (NVD)
Digium ≫ Asterisk Business Edition Versionc.3.1
Digium ≫ Asterisk Business Edition Versionc.3.3
Digium ≫ Asterisk Business Edition Versionc.3.7.4
Digium ≫ Certified Asterisk Version1.8.11 Updatecert
Digium ≫ Certified Asterisk Version1.8.11 Updatecert1
Digium ≫ Certified Asterisk Version1.8.11 Updatecert
Digium ≫ Certified Asterisk Version1.8.11 Updatecert1
Digium ≫ Certified Asterisk Version1.8.11 Updatecert2
Digium ≫ Certified Asterisk Version1.8.11 Updatecert3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 7.19% | 0.907 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:N/I:N/A:P
|