Lucene search
HistoryApr 30, 2012 - 8:55 p.m.
CVE-2012-2415
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
7.3 High
AI Score
Confidence
High
0.955 High
EPSS
Percentile
99.4%
Heap-based buffer overflow in chan_skinny.c in the Skinny channel driver in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 allows remote authenticated users to cause a denial of service or possibly have unspecified other impact via a series of KEYPAD_BUTTON_MESSAGE events.
Affected configurations
Node
asteriskopen_sourceMatch1.6.2.0
ORasteriskopen_sourceMatch1.6.2.0rc2
ORasteriskopen_sourceMatch1.6.2.0rc3
ORasteriskopen_sourceMatch1.6.2.0rc4
ORasteriskopen_sourceMatch1.6.2.0rc5
ORasteriskopen_sourceMatch1.6.2.0rc6
ORasteriskopen_sourceMatch1.6.2.0rc7
ORasteriskopen_sourceMatch1.6.2.0rc8
ORasteriskopen_sourceMatch1.6.2.1
ORasteriskopen_sourceMatch1.6.2.1rc1
ORasteriskopen_sourceMatch1.6.2.2
ORasteriskopen_sourceMatch1.6.2.3rc2
ORasteriskopen_sourceMatch1.6.2.4
ORasteriskopen_sourceMatch1.6.2.5
ORasteriskopen_sourceMatch1.6.2.6
ORasteriskopen_sourceMatch1.6.2.6rc1
ORasteriskopen_sourceMatch1.6.2.6rc2
ORasteriskopen_sourceMatch1.6.2.7
ORasteriskopen_sourceMatch1.6.2.7rc1
ORasteriskopen_sourceMatch1.6.2.7rc2
ORasteriskopen_sourceMatch1.6.2.7rc3
ORasteriskopen_sourceMatch1.6.2.8
ORasteriskopen_sourceMatch1.6.2.8rc1
ORasteriskopen_sourceMatch1.6.2.9
ORasteriskopen_sourceMatch1.6.2.9rc1
ORasteriskopen_sourceMatch1.6.2.9rc2
ORasteriskopen_sourceMatch1.6.2.9rc3
ORasteriskopen_sourceMatch1.6.2.10
ORasteriskopen_sourceMatch1.6.2.10rc1
ORasteriskopen_sourceMatch1.6.2.10rc2
ORasteriskopen_sourceMatch1.6.2.11
ORasteriskopen_sourceMatch1.6.2.11rc1
ORasteriskopen_sourceMatch1.6.2.11rc2
ORasteriskopen_sourceMatch1.6.2.12
ORasteriskopen_sourceMatch1.6.2.12rc1
ORasteriskopen_sourceMatch1.6.2.13
ORasteriskopen_sourceMatch1.6.2.14
ORasteriskopen_sourceMatch1.6.2.14rc1
ORasteriskopen_sourceMatch1.6.2.15
ORasteriskopen_sourceMatch1.6.2.15rc1
ORasteriskopen_sourceMatch1.6.2.15.1
ORasteriskopen_sourceMatch1.6.2.16
ORasteriskopen_sourceMatch1.6.2.16rc1
ORasteriskopen_sourceMatch1.6.2.16.1
ORasteriskopen_sourceMatch1.6.2.16.2
ORasteriskopen_sourceMatch1.6.2.17
ORasteriskopen_sourceMatch1.6.2.17rc1
ORasteriskopen_sourceMatch1.6.2.17rc2
ORasteriskopen_sourceMatch1.6.2.17rc3
ORasteriskopen_sourceMatch1.6.2.17.1
ORasteriskopen_sourceMatch1.6.2.17.2
ORasteriskopen_sourceMatch1.6.2.17.3
ORasteriskopen_sourceMatch1.6.2.18
ORasteriskopen_sourceMatch1.6.2.18rc1
ORasteriskopen_sourceMatch1.6.2.18.1
ORasteriskopen_sourceMatch1.6.2.18.2
ORasteriskopen_sourceMatch1.6.2.19
ORasteriskopen_sourceMatch1.6.2.19rc1
ORasteriskopen_sourceMatch1.6.2.20
ORasteriskopen_sourceMatch1.6.2.21
ORasteriskopen_sourceMatch1.6.2.22
ORasteriskopen_sourceMatch1.6.2.23
Node
asteriskopen_sourceMatch1.8.0
ORasteriskopen_sourceMatch1.8.0beta1
ORasteriskopen_sourceMatch1.8.0beta2
ORasteriskopen_sourceMatch1.8.0beta3
ORasteriskopen_sourceMatch1.8.0beta4
ORasteriskopen_sourceMatch1.8.0beta5
ORasteriskopen_sourceMatch1.8.0rc2
ORasteriskopen_sourceMatch1.8.0rc3
ORasteriskopen_sourceMatch1.8.0rc4
ORasteriskopen_sourceMatch1.8.0rc5
ORasteriskopen_sourceMatch1.8.1
ORasteriskopen_sourceMatch1.8.1rc1
ORasteriskopen_sourceMatch1.8.1.1
ORasteriskopen_sourceMatch1.8.1.2
ORasteriskopen_sourceMatch1.8.2
ORasteriskopen_sourceMatch1.8.2rc1
ORasteriskopen_sourceMatch1.8.2.1
ORasteriskopen_sourceMatch1.8.2.2
ORasteriskopen_sourceMatch1.8.2.3
ORasteriskopen_sourceMatch1.8.2.4
ORasteriskopen_sourceMatch1.8.3
ORasteriskopen_sourceMatch1.8.3rc1
ORasteriskopen_sourceMatch1.8.3rc2
ORasteriskopen_sourceMatch1.8.3rc3
ORasteriskopen_sourceMatch1.8.3.1
ORasteriskopen_sourceMatch1.8.3.2
ORasteriskopen_sourceMatch1.8.3.3
ORasteriskopen_sourceMatch1.8.4
ORasteriskopen_sourceMatch1.8.4rc1
ORasteriskopen_sourceMatch1.8.4rc2
ORasteriskopen_sourceMatch1.8.4rc3
ORasteriskopen_sourceMatch1.8.4.1
ORasteriskopen_sourceMatch1.8.4.2
ORasteriskopen_sourceMatch1.8.4.3
ORasteriskopen_sourceMatch1.8.4.4
ORasteriskopen_sourceMatch1.8.5rc1
ORasteriskopen_sourceMatch1.8.5.0
ORasteriskopen_sourceMatch1.8.6.0
ORasteriskopen_sourceMatch1.8.6.0rc1
ORasteriskopen_sourceMatch1.8.6.0rc2
ORasteriskopen_sourceMatch1.8.6.0rc3
ORasteriskopen_sourceMatch1.8.7.0
ORasteriskopen_sourceMatch1.8.7.0rc1
ORasteriskopen_sourceMatch1.8.7.0rc2
ORasteriskopen_sourceMatch1.8.7.1
ORasteriskopen_sourceMatch1.8.7.2
ORasteriskopen_sourceMatch1.8.8.0
ORasteriskopen_sourceMatch1.8.8.0rc1
ORasteriskopen_sourceMatch1.8.8.0rc2
ORasteriskopen_sourceMatch1.8.8.0rc3
ORasteriskopen_sourceMatch1.8.8.0rc4
ORasteriskopen_sourceMatch1.8.8.0rc5
ORasteriskopen_sourceMatch1.8.8.1
ORasteriskopen_sourceMatch1.8.8.2
ORasteriskopen_sourceMatch1.8.9.0
ORasteriskopen_sourceMatch1.8.9.0rc1
ORasteriskopen_sourceMatch1.8.9.0rc2
ORasteriskopen_sourceMatch1.8.9.0rc3
ORasteriskopen_sourceMatch1.8.9.1
ORasteriskopen_sourceMatch1.8.9.2
ORasteriskopen_sourceMatch1.8.9.3
ORasteriskopen_sourceMatch1.8.10.0
ORasteriskopen_sourceMatch1.8.10.0rc1
ORasteriskopen_sourceMatch1.8.10.0rc2
ORasteriskopen_sourceMatch1.8.10.0rc3
ORasteriskopen_sourceMatch1.8.10.0rc4
ORasteriskopen_sourceMatch1.8.10.1
ORasteriskopen_sourceMatch1.8.11.0rc2
ORasteriskopen_sourceMatch1.8.11.0rc3
Node
asteriskopen_sourceMatch10.0.0
ORasteriskopen_sourceMatch10.0.0beta1
ORasteriskopen_sourceMatch10.0.0beta2
ORasteriskopen_sourceMatch10.0.0rc1
ORasteriskopen_sourceMatch10.0.0rc2
ORasteriskopen_sourceMatch10.0.0rc3
ORasteriskopen_sourceMatch10.0.1
ORasteriskopen_sourceMatch10.1.0
ORasteriskopen_sourceMatch10.1.0rc1
ORasteriskopen_sourceMatch10.1.0rc2
ORasteriskopen_sourceMatch10.1.1
ORasteriskopen_sourceMatch10.1.2
ORasteriskopen_sourceMatch10.1.3
ORasteriskopen_sourceMatch10.2.0
ORasteriskopen_sourceMatch10.2.0rc1
ORasteriskopen_sourceMatch10.2.0rc2
ORasteriskopen_sourceMatch10.2.0rc3
ORasteriskopen_sourceMatch10.2.0rc4
ORasteriskopen_sourceMatch10.2.1
ORasteriskopen_sourceMatch10.3.0
ORasteriskopen_sourceMatch10.3.0rc2
ORasteriskopen_sourceMatch10.3.0rc3
References
downloads.asterisk.org/pub/security/AST-2012-005.html
lists.fedoraproject.org/pipermail/package-announce/2012-May/079759.html
osvdb.org/81455
secunia.com/advisories/48891
secunia.com/advisories/48941
www.debian.org/security/2012/dsa-2460
www.securityfocus.com/bid/53210
www.securitytracker.com/id?1026962
exchange.xforce.ibmcloud.com/vulnerabilities/75102
Related
ubuntucve
ubuntucve
CVE-2012-2415
2012-04-30 00:00:00
prion
prion
Heap overflow
2012-04-30 20:55:00
cve
cve
CVE-2012-2415
2012-04-30 20:55:02
debiancve
debiancve
CVE-2012-2415
2012-04-30 20:55:02
cvelist
cvelist
CVE-2012-2415
2012-04-30 20:00:00
checkpoint_advisories
checkpoint_advisories
Digium Asterisk Skinny Channel Driver Heap Buffer Overflow (CVE-2012-2415)
2012-08-27 00:00:00
nessus
nessus
Asterisk Heap-Based Buffer Overflow in Skinny Channel Driver (AST-2012-005)
2012-04-27 00:00:00
Debian DSA-2460-1 : asterisk - several vulnerabilities
2012-04-26 00:00:00
openvas
openvas
FreeBSD Ports: asterisk16
2012-04-30 00:00:00
Debian: Security Advisory (DSA-2460-1)
2012-04-30 00:00:00
Debian Security Advisory DSA 2460-1 (asterisk)
2012-04-30 00:00:00
fedora
fedora
[SECURITY] Fedora 15 Update: asterisk-1.8.11.1-1.fc15
2012-05-04 20:29:45
[SECURITY] Fedora 17 Update: asterisk-10.3.1-1.fc17
2012-05-04 22:52:14
[SECURITY] Fedora 16 Update: asterisk-1.8.11.1-1.fc16
2012-05-03 22:53:54
osv
osv
asterisk - several
2012-04-25 00:00:00
freebsd
freebsd
asterisk -- multiple vulnerabilities
2012-04-23 00:00:00
debian
debian
[SECURITY] [DSA 2460-1] asterisk security update
2012-04-25 16:06:40
gentoo
gentoo
Asterisk: Multiple vulnerabilities
2012-06-21 00:00:00
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
7.3 High
AI Score
Confidence
High
0.955 High
EPSS
Percentile
99.4%
Related for NVD:CVE-2012-2415