Lucene search

K
ubuntucveUbuntu.comUB:CVE-2012-3863
HistoryJul 09, 2012 - 12:00 a.m.

CVE-2012-3863

2012-07-0900:00:00
ubuntu.com
ubuntu.com
6

4 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.01 Low

EPSS

Percentile

84.0%

channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x
before 10.5.2, Asterisk Business Edition C.3.x before C.3.7.5, Certified
Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones
10.x.x-digiumphones before 10.5.2-digiumphones does not properly handle a
provisional response to a SIP reINVITE request, which allows remote
authenticated users to cause a denial of service (RTP port exhaustion) via
sessions that lack final responses.

4 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.01 Low

EPSS

Percentile

84.0%