Vulnerability Details : CVE-2012-2415
Heap-based buffer overflow in chan_skinny.c in the Skinny channel driver in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 allows remote authenticated users to cause a denial of service or possibly have unspecified other impact via a series of KEYPAD_BUTTON_MESSAGE events.
Vulnerability category: OverflowDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2012-2415
Probability of exploitation activity in the next 30 days: 95.46%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 99 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2012-2415
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.5
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
8.0
|
6.4
|
NIST |
CWE ids for CVE-2012-2415
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-2415
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/75102
Asterisk Skinny driver buffer overflow CVE-2012-2415 Vulnerability Report
-
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079759.html
[SECURITY] Fedora 15 Update: asterisk-1.8.11.1-1.fc15
-
http://www.securitytracker.com/id?1026962
Asterisk Heap Overflow in Skinny Channel Driver Lets Remote Authenticated Users Execute Arbitrary Code - SecurityTracker
-
http://www.debian.org/security/2012/dsa-2460
Debian -- Security Information -- DSA-2460-1 asterisk
-
http://downloads.asterisk.org/pub/security/AST-2012-005.html
AST-2012-005Patch;Vendor Advisory
-
http://osvdb.org/81455
-
http://www.securityfocus.com/bid/53210
Asterisk Skinny Channel Driver Heap-Based Buffer Overflow Vulnerability
Products affected by CVE-2012-2415
- cpe:2.3:a:asterisk:open_source:10.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.2:rc1:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.8.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.8.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.8.0:rc4:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.8.0:rc5:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.0:rc4:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.0:rc5:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.3:rc2:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.3:rc3:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.6.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.6.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.7.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.0:beta5:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.3:rc1:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.4:rc1:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.4:rc3:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.5:rc1:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.4:rc2:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.6.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.7.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.8.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:10.0.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:10.0.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:10.0.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:10.0.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:10.0.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.10.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.10.0:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.9.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.10.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.9.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.10.0:rc4:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.10.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.11.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.11.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.9.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:10.1.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:10.1.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:10.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:10.2.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:10.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:10.2.0:rc4:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:10.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:10.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:10.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:10.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:10.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:10.3.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:10.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:10.2.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:10.2.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:10.3.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.6.2.0:rc6:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.6.2.0:rc7:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.6.2.0:rc4:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.6.2.0:rc5:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.6.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.6.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.6.2.7:rc3:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.6.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.6.2.10:rc1:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.6.2.10:rc2:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.6.2.14:rc1:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.6.2.15:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.6.2.17:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.6.2.17:rc1:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.6.2.18:rc1:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.6.2.18.1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.6.2.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.6.2.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.6.2.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.6.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.6.2.3:rc2:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.6.2.7:rc1:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.6.2.7:rc2:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.6.2.9:rc3:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.6.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.6.2.13:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.6.2.14:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.6.2.16.1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.6.2.16.2:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.6.2.17.3:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.6.2.18:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.6.2.22:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.6.2.23:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.6.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.6.2.6:rc1:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.6.2.8:rc1:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.6.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.6.2.11:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.6.2.11:rc1:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.6.2.15:rc1:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.6.2.15.1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.6.2.17:rc2:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.6.2.17:rc3:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.6.2.18.2:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.6.2.19:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.6.2.19:rc1:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.6.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.6.2.0:rc8:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.6.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.6.2.6:rc2:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.6.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.6.2.9:rc1:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.6.2.9:rc2:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.6.2.11:rc2:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.6.2.12:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.6.2.12:rc1:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.6.2.16:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.6.2.16:rc1:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.6.2.17.1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.6.2.17.2:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.6.2.20:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.6.2.21:*:*:*:*:*:*:*