Vulnerability Details CVE-2012-2415
Heap-based buffer overflow in chan_skinny.c in the Skinny channel driver in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 allows remote authenticated users to cause a denial of service or possibly have unspecified other impact via a series of KEYPAD_BUTTON_MESSAGE events.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.105
EPSS Ranking 92.9%
CVSS Severity
CVSS v2 Score 6.5
References
- http://downloads.asterisk.org/pub/security/AST-2012-005.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079759.html
- http://osvdb.org/81455
- http://secunia.com/advisories/48891
- http://secunia.com/advisories/48941
- http://www.debian.org/security/2012/dsa-2460
- http://www.securityfocus.com/bid/53210
- http://www.securitytracker.com/id?1026962
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75102
- http://downloads.asterisk.org/pub/security/AST-2012-005.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079759.html
- http://osvdb.org/81455
- http://secunia.com/advisories/48891
- http://secunia.com/advisories/48941
- http://www.debian.org/security/2012/dsa-2460
- http://www.securityfocus.com/bid/53210
- http://www.securitytracker.com/id?1026962
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75102
Products affected by CVE-2012-2415
-
cpe:2.3:a:asterisk:open_source:1.6.2.0
-
cpe:2.3:a:asterisk:open_source:1.6.2.1
-
cpe:2.3:a:asterisk:open_source:1.6.2.10
-
cpe:2.3:a:asterisk:open_source:1.6.2.11
-
cpe:2.3:a:asterisk:open_source:1.6.2.12
-
cpe:2.3:a:asterisk:open_source:1.6.2.13
-
cpe:2.3:a:asterisk:open_source:1.6.2.14
-
cpe:2.3:a:asterisk:open_source:1.6.2.15
-
cpe:2.3:a:asterisk:open_source:1.6.2.15.1
-
cpe:2.3:a:asterisk:open_source:1.6.2.16
-
cpe:2.3:a:asterisk:open_source:1.6.2.16.1
-
cpe:2.3:a:asterisk:open_source:1.6.2.16.2
-
cpe:2.3:a:asterisk:open_source:1.6.2.17
-
cpe:2.3:a:asterisk:open_source:1.6.2.17.1
-
cpe:2.3:a:asterisk:open_source:1.6.2.17.2
-
cpe:2.3:a:asterisk:open_source:1.6.2.17.3
-
cpe:2.3:a:asterisk:open_source:1.6.2.18
-
cpe:2.3:a:asterisk:open_source:1.6.2.18.1
-
cpe:2.3:a:asterisk:open_source:1.6.2.18.2
-
cpe:2.3:a:asterisk:open_source:1.6.2.19
-
cpe:2.3:a:asterisk:open_source:1.6.2.2
-
cpe:2.3:a:asterisk:open_source:1.6.2.20
-
cpe:2.3:a:asterisk:open_source:1.6.2.21
-
cpe:2.3:a:asterisk:open_source:1.6.2.22
-
cpe:2.3:a:asterisk:open_source:1.6.2.23
-
cpe:2.3:a:asterisk:open_source:1.6.2.3
-
cpe:2.3:a:asterisk:open_source:1.6.2.4
-
cpe:2.3:a:asterisk:open_source:1.6.2.5
-
cpe:2.3:a:asterisk:open_source:1.6.2.6
-
cpe:2.3:a:asterisk:open_source:1.6.2.7
-
cpe:2.3:a:asterisk:open_source:1.6.2.8
-
cpe:2.3:a:asterisk:open_source:1.6.2.9
-
cpe:2.3:a:asterisk:open_source:1.8.0
-
cpe:2.3:a:asterisk:open_source:1.8.1
-
cpe:2.3:a:asterisk:open_source:1.8.1.1
-
cpe:2.3:a:asterisk:open_source:1.8.1.2
-
cpe:2.3:a:asterisk:open_source:1.8.10.0
-
cpe:2.3:a:asterisk:open_source:1.8.10.1
-
cpe:2.3:a:asterisk:open_source:1.8.11.0
-
cpe:2.3:a:asterisk:open_source:1.8.2
-
cpe:2.3:a:asterisk:open_source:1.8.2.1
-
cpe:2.3:a:asterisk:open_source:1.8.2.2
-
cpe:2.3:a:asterisk:open_source:1.8.2.3
-
cpe:2.3:a:asterisk:open_source:1.8.2.4
-
cpe:2.3:a:asterisk:open_source:1.8.3
-
cpe:2.3:a:asterisk:open_source:1.8.3.1
-
cpe:2.3:a:asterisk:open_source:1.8.3.2
-
cpe:2.3:a:asterisk:open_source:1.8.3.3
-
cpe:2.3:a:asterisk:open_source:1.8.4
-
cpe:2.3:a:asterisk:open_source:1.8.4.1
-
cpe:2.3:a:asterisk:open_source:1.8.4.2
-
cpe:2.3:a:asterisk:open_source:1.8.4.3
-
cpe:2.3:a:asterisk:open_source:1.8.4.4
-
cpe:2.3:a:asterisk:open_source:1.8.5
-
cpe:2.3:a:asterisk:open_source:1.8.5.0
-
cpe:2.3:a:asterisk:open_source:1.8.6.0
-
cpe:2.3:a:asterisk:open_source:1.8.7.0
-
cpe:2.3:a:asterisk:open_source:1.8.7.1
-
cpe:2.3:a:asterisk:open_source:1.8.7.2
-
cpe:2.3:a:asterisk:open_source:1.8.8.0
-
cpe:2.3:a:asterisk:open_source:1.8.8.1
-
cpe:2.3:a:asterisk:open_source:1.8.8.2
-
cpe:2.3:a:asterisk:open_source:1.8.9.0
-
cpe:2.3:a:asterisk:open_source:1.8.9.1
-
cpe:2.3:a:asterisk:open_source:1.8.9.2
-
cpe:2.3:a:asterisk:open_source:1.8.9.3
-
cpe:2.3:a:asterisk:open_source:10.0.0
-
cpe:2.3:a:asterisk:open_source:10.0.1
-
cpe:2.3:a:asterisk:open_source:10.1.0
-
cpe:2.3:a:asterisk:open_source:10.1.1
-
cpe:2.3:a:asterisk:open_source:10.1.2
-
cpe:2.3:a:asterisk:open_source:10.1.3
-
cpe:2.3:a:asterisk:open_source:10.2.0
-
cpe:2.3:a:asterisk:open_source:10.2.1
-
cpe:2.3:a:asterisk:open_source:10.3.0