Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMitreCVE-2012-0885
HistoryJan 25, 2012 - 3:55 p.m.

CVE-2012-0885

2012-01-2515:55:01
mitre
web.nvd.nist.gov
54
asterisk
open source
1.8.x
10.x
1.8.8.2
10.0.1
null pointer dereference
daemon crash
sdp message
res_srtp module
denial of service
cve-2012-0885

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

6.5

Confidence

Low

EPSS

0.018

Percentile

88.4%

JSON

chan_sip.c in Asterisk Open Source 1.8.x before 1.8.8.2 and 10.x before 10.0.1, when the res_srtp module is used and media support is improperly configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted SDP message with a crypto attribute and a (1) video or (2) text media type, as demonstrated by CSipSimple.

Affected configurations

Nvd
Node
asteriskopen_sourceMatch1.8.0
OR
asteriskopen_sourceMatch1.8.0beta1
OR
asteriskopen_sourceMatch1.8.0beta2
OR
asteriskopen_sourceMatch1.8.0beta3
OR
asteriskopen_sourceMatch1.8.0beta4
OR
asteriskopen_sourceMatch1.8.0beta5
OR
asteriskopen_sourceMatch1.8.0rc2
OR
asteriskopen_sourceMatch1.8.0rc3
OR
asteriskopen_sourceMatch1.8.0rc4
OR
asteriskopen_sourceMatch1.8.0rc5
OR
asteriskopen_sourceMatch1.8.1
OR
asteriskopen_sourceMatch1.8.1rc1
OR
asteriskopen_sourceMatch1.8.1.1
OR
asteriskopen_sourceMatch1.8.1.2
OR
asteriskopen_sourceMatch1.8.2
OR
asteriskopen_sourceMatch1.8.2rc1
OR
asteriskopen_sourceMatch1.8.2.1
OR
asteriskopen_sourceMatch1.8.2.2
OR
asteriskopen_sourceMatch1.8.2.3
OR
asteriskopen_sourceMatch1.8.2.4
OR
asteriskopen_sourceMatch1.8.3
OR
asteriskopen_sourceMatch1.8.3rc1
OR
asteriskopen_sourceMatch1.8.3rc2
OR
asteriskopen_sourceMatch1.8.3rc3
OR
asteriskopen_sourceMatch1.8.3.1
OR
asteriskopen_sourceMatch1.8.3.2
OR
asteriskopen_sourceMatch1.8.3.3
OR
asteriskopen_sourceMatch1.8.4
OR
asteriskopen_sourceMatch1.8.4rc1
OR
asteriskopen_sourceMatch1.8.4rc2
OR
asteriskopen_sourceMatch1.8.4rc3
OR
asteriskopen_sourceMatch1.8.4.1
OR
asteriskopen_sourceMatch1.8.4.2
OR
asteriskopen_sourceMatch1.8.4.3
OR
asteriskopen_sourceMatch1.8.4.4
OR
asteriskopen_sourceMatch1.8.5rc1
OR
asteriskopen_sourceMatch1.8.5.0
OR
asteriskopen_sourceMatch1.8.6.0
OR
asteriskopen_sourceMatch1.8.6.0rc1
OR
asteriskopen_sourceMatch1.8.6.0rc2
OR
asteriskopen_sourceMatch1.8.6.0rc3
OR
asteriskopen_sourceMatch1.8.7.0
OR
asteriskopen_sourceMatch1.8.7.0rc1
OR
asteriskopen_sourceMatch1.8.7.0rc2
OR
asteriskopen_sourceMatch1.8.7.1
OR
asteriskopen_sourceMatch1.8.7.2
OR
asteriskopen_sourceMatch1.8.8.0
OR
asteriskopen_sourceMatch1.8.8.0rc1
OR
asteriskopen_sourceMatch1.8.8.0rc2
OR
asteriskopen_sourceMatch1.8.8.0rc3
OR
asteriskopen_sourceMatch1.8.8.0rc4
OR
asteriskopen_sourceMatch1.8.8.0rc5
OR
asteriskopen_sourceMatch1.8.8.1
Node
asteriskopen_sourceMatch10.0.0
OR
asteriskopen_sourceMatch10.0.0beta1
OR
asteriskopen_sourceMatch10.0.0beta2
OR
asteriskopen_sourceMatch10.0.0rc1
OR
asteriskopen_sourceMatch10.0.0rc2
OR
asteriskopen_sourceMatch10.0.0rc3
VendorProductVersionCPE
asteriskopen_source1.8.0cpe:2.3:a:asterisk:open_source:1.8.0:*:*:*:*:*:*:*
asteriskopen_source1.8.0cpe:2.3:a:asterisk:open_source:1.8.0:beta1:*:*:*:*:*:*
asteriskopen_source1.8.0cpe:2.3:a:asterisk:open_source:1.8.0:beta2:*:*:*:*:*:*
asteriskopen_source1.8.0cpe:2.3:a:asterisk:open_source:1.8.0:beta3:*:*:*:*:*:*
asteriskopen_source1.8.0cpe:2.3:a:asterisk:open_source:1.8.0:beta4:*:*:*:*:*:*
asteriskopen_source1.8.0cpe:2.3:a:asterisk:open_source:1.8.0:beta5:*:*:*:*:*:*
asteriskopen_source1.8.0cpe:2.3:a:asterisk:open_source:1.8.0:rc2:*:*:*:*:*:*
asteriskopen_source1.8.0cpe:2.3:a:asterisk:open_source:1.8.0:rc3:*:*:*:*:*:*
asteriskopen_source1.8.0cpe:2.3:a:asterisk:open_source:1.8.0:rc4:*:*:*:*:*:*
asteriskopen_source1.8.0cpe:2.3:a:asterisk:open_source:1.8.0:rc5:*:*:*:*:*:*
Rows per page:
1-10 of 591

Related

openvas 3
prion 1
nessus 2
ubuntucve 1
gentoo 1
debiancve 1
cvelist 1
nvd 1
openvas
openvas
Gentoo Security Advisory GLSA 201202-06 (asterisk)
2012-03-12 00:00:00
Gentoo Security Advisory GLSA 201202-06 (asterisk)
2012-03-12 00:00:00
FreeBSD Ports: asterisk18
2012-02-12 00:00:00
prion
prion
Null pointer dereference
2012-01-25 15:55:00
nessus
nessus
GLSA-201202-06 : Asterisk: Denial of Service
2012-02-23 00:00:00
Asterisk SRTP Video Stream Negotiation Remote Crash (AST-2012-001)
2012-03-22 00:00:00
ubuntucve
ubuntucve
CVE-2012-0885
2012-01-25 00:00:00
gentoo
gentoo
Asterisk: Denial of service
2012-02-22 00:00:00
debiancve
debiancve
CVE-2012-0885
2012-01-25 15:55:01
cvelist
cvelist
CVE-2012-0885
2012-01-25 15:00:00
nvd
nvd
CVE-2012-0885
2012-01-25 15:55:01

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

6.5

Confidence

Low

EPSS

0.018

Percentile

88.4%

JSON
Related for CVE-2012-0885
openvas3prion1nessus2ubuntucve1gentoo1debiancve1cvelist1nvd1