CVE-2012-2947
2.6
CVSS Score
Low
Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P
Link copied!
Description
chan_iax2.c in the IAX2 channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1, when a certain mohinterpret setting is enabled, allows remote attackers to cause a denial of service (daemon crash) by placing a call on hold.
CVSS Vector Details
Attack Vector
Network
Attack Complexity
High
Confidentiality
None
Integrity
None
Availability
P
Affected Software Configurations
- o debian debian_linux 6.0 * * * * * * *
- a digium asterisk 1.8.0 * * * * * * *
- a digium asterisk 1.8.0 beta1 * * * * * *
- a digium asterisk 1.8.0 beta2 * * * * * *
- a digium asterisk 1.8.0 beta3 * * * * * *
- a digium asterisk 1.8.0 beta4 * * * * * *
- a digium asterisk 1.8.0 beta5 * * * * * *
- a digium asterisk 1.8.0 rc2 * * * * * *
- a digium asterisk 1.8.0 rc3 * * * * * *
- a digium asterisk 1.8.0 rc4 * * * * * *
Weaknesses (CWE)
- CWE-284
References & External Links
- http://archives.neohapsis.com/archives/bugtraq/2012-05/0144.html
- http://downloads.asterisk.org/pub/security/AST-2012-007.html
- http://secunia.com/advisories/49303
- http://www.debian.org/security/2012/dsa-2493
- http://www.securitytracker.com/id?1027102
- http://archives.neohapsis.com/archives/bugtraq/2012-05/0144.html
- http://downloads.asterisk.org/pub/security/AST-2012-007.html
- http://secunia.com/advisories/49303
- http://www.debian.org/security/2012/dsa-2493
- http://www.securitytracker.com/id?1027102
External Resources
CVE History Timeline
Jun 04, 2012 14:17
Initial Analysis
Dec 07, 2016 17:34
Modified Analysis
Nov 13, 2017 16:44
Reanalysis
May 14, 2024 02:43
CVE Modified
Nov 21, 2024 01:40
CVE Modified