chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.11.1 and 10.x before 10.3.1 and Asterisk Business Edition C.3.x before C.3.7.4, when the trustrpid option is enabled, allows remote authenticated users to cause a denial of service (daemon crash) by sending a SIP UPDATE message that triggers a connected-line update attempt without an associated channel.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
21 Nov 2024, 01:39
Type | Values Removed | Values Added |
---|---|---|
References | () http://downloads.asterisk.org/pub/security/AST-2012-006.html - Patch, Vendor Advisory | |
References | () http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079759.html - | |
References | () http://osvdb.org/81456 - | |
References | () http://secunia.com/advisories/48891 - | |
References | () http://www.securityfocus.com/bid/53205 - | |
References | () http://www.securitytracker.com/id?1026963 - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/75101 - | |
References | () https://issues.asterisk.org/jira/browse/ASTERISK-19770 - |
Information
Published : 2012-04-30 20:55
Updated : 2024-11-21 01:39
NVD link : CVE-2012-2416
Mitre link : CVE-2012-2416
CVE.ORG link : CVE-2012-2416
JSON object : View
Products Affected
asterisk
- open_source
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer