CVE-2012-1184

Published: 18/09/2012 Updated: 29/08/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Stack-based buffer overflow in the ast_parse_digest function in main/utils.c in Asterisk 1.8.x prior to 1.8.10.1 and 10.x prior to 10.2.1 allows remote malicious users to cause a denial of service (crash) or possibly execute arbitrary code via a long string in an HTTP Digest Authentication header.

Vulnerable Product

digium asterisk 1.8.0

digium asterisk 1.8.2.2

digium asterisk 1.8.2.1

digium asterisk 1.8.3

digium asterisk 1.8.3.2

digium asterisk 1.8.4.1

digium asterisk 1.8.4.3

digium asterisk 1.8.6.0

digium asterisk 1.8.8.0

digium asterisk 1.8.9.3

digium asterisk 1.8.9.0

digium asterisk 1.8.10.0

digium asterisk 1.8.3.3

digium asterisk 1.8.4

digium asterisk 1.8.5

digium asterisk 1.8.5.0

digium asterisk 1.8.7.0

digium asterisk 1.8.7.1

digium asterisk 1.8.8.2

digium asterisk 1.8.9.1

digium asterisk 1.8.2.3

digium asterisk 1.8.3.1

digium asterisk 1.8.9.2

digium asterisk 1.8.2

digium asterisk 1.8.2.4

digium asterisk 1.8.1.2

digium asterisk 1.8.1.1

digium asterisk 1.8.4.2

digium asterisk 1.8.4.4

digium asterisk 1.8.8.1

digium asterisk 10.0.0

digium asterisk 10.1.3

digium asterisk 10.2.0

digium asterisk 10.1.0

digium asterisk 10.0.1

digium asterisk 10.1.2

digium asterisk 10.1.1

Vendor Advisories

Debian Bug report logs - #664411: [CVE-2012-1183 - CVE-2012-1184] Asterisk: AST-2012-002 and AST-2012-003 flaws. Package: asterisk; Maintainer for asterisk is Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>; Source for asterisk is src:asterisk. Reported by: Luciano Bello <luciano@debian ...

Exploits

Description: There is a remotely exploitable stack buffer overflow in HTTP digest authentication handling in Asterisk. This vulnerability includes the possibility of code execution with plenty of stack space for inserting custom code to run. I wrote an example exploit to verify that the vulne ...