// For flags

CVE-2012-1184

Asterisk - 'ast_parse_digest()' Stack Buffer Overflow (PoC)

Severity Score

7.5
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Stack-based buffer overflow in the ast_parse_digest function in main/utils.c in Asterisk 1.8.x before 1.8.10.1 and 10.x before 10.2.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in an HTTP Digest Authentication header.

Vulnerabilidad de desboramiento de buffer basado en memoria dinámica en la función ast_parse_digest en main/utils.c en Asterisk v1.8.x antes de v1.8.10.1 y v10.x antes de v10.2.1, permite a atacantes remotos provocar una denegación de servicio (caída) o posiblemente ejecutar código de su elección a través de una cadena larga en una cabecera HTTP Digest Authentication

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2012-02-14 CVE Reserved
  • 2012-03-15 First Exploit
  • 2012-03-29 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 1.8.0
Search vendor "Digium" for product "Asterisk" and version "1.8.0"
-
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 1.8.0
Search vendor "Digium" for product "Asterisk" and version "1.8.0"
beta1
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 1.8.0
Search vendor "Digium" for product "Asterisk" and version "1.8.0"
beta2
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 1.8.0
Search vendor "Digium" for product "Asterisk" and version "1.8.0"
beta3
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 1.8.0
Search vendor "Digium" for product "Asterisk" and version "1.8.0"
beta4
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 1.8.0
Search vendor "Digium" for product "Asterisk" and version "1.8.0"
beta5
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 1.8.0
Search vendor "Digium" for product "Asterisk" and version "1.8.0"
rc2
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 1.8.0
Search vendor "Digium" for product "Asterisk" and version "1.8.0"
rc3
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 1.8.0
Search vendor "Digium" for product "Asterisk" and version "1.8.0"
rc4
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 1.8.0
Search vendor "Digium" for product "Asterisk" and version "1.8.0"
rc5
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 1.8.1.1
Search vendor "Digium" for product "Asterisk" and version "1.8.1.1"
-
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 1.8.1.2
Search vendor "Digium" for product "Asterisk" and version "1.8.1.2"
-
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 1.8.2
Search vendor "Digium" for product "Asterisk" and version "1.8.2"
-
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 1.8.2.1
Search vendor "Digium" for product "Asterisk" and version "1.8.2.1"
-
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 1.8.2.2
Search vendor "Digium" for product "Asterisk" and version "1.8.2.2"
-
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 1.8.2.3
Search vendor "Digium" for product "Asterisk" and version "1.8.2.3"
-
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 1.8.2.4
Search vendor "Digium" for product "Asterisk" and version "1.8.2.4"
-
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 1.8.3
Search vendor "Digium" for product "Asterisk" and version "1.8.3"
-
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 1.8.3
Search vendor "Digium" for product "Asterisk" and version "1.8.3"
rc1
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 1.8.3
Search vendor "Digium" for product "Asterisk" and version "1.8.3"
rc2
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 1.8.3
Search vendor "Digium" for product "Asterisk" and version "1.8.3"
rc3
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 1.8.3.1
Search vendor "Digium" for product "Asterisk" and version "1.8.3.1"
-
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 1.8.3.2
Search vendor "Digium" for product "Asterisk" and version "1.8.3.2"
-
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 1.8.3.3
Search vendor "Digium" for product "Asterisk" and version "1.8.3.3"
-
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 1.8.4
Search vendor "Digium" for product "Asterisk" and version "1.8.4"
-
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 1.8.4
Search vendor "Digium" for product "Asterisk" and version "1.8.4"
rc1
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 1.8.4
Search vendor "Digium" for product "Asterisk" and version "1.8.4"
rc2
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 1.8.4
Search vendor "Digium" for product "Asterisk" and version "1.8.4"
rc3
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 1.8.4.1
Search vendor "Digium" for product "Asterisk" and version "1.8.4.1"
-
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 1.8.4.2
Search vendor "Digium" for product "Asterisk" and version "1.8.4.2"
-
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 1.8.4.3
Search vendor "Digium" for product "Asterisk" and version "1.8.4.3"
-
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 1.8.4.4
Search vendor "Digium" for product "Asterisk" and version "1.8.4.4"
-
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 1.8.5
Search vendor "Digium" for product "Asterisk" and version "1.8.5"
-
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 1.8.5
Search vendor "Digium" for product "Asterisk" and version "1.8.5"
rc1
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 1.8.5.0
Search vendor "Digium" for product "Asterisk" and version "1.8.5.0"
-
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 1.8.6.0
Search vendor "Digium" for product "Asterisk" and version "1.8.6.0"
-
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 1.8.6.0
Search vendor "Digium" for product "Asterisk" and version "1.8.6.0"
rc1
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 1.8.6.0
Search vendor "Digium" for product "Asterisk" and version "1.8.6.0"
rc2
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 1.8.6.0
Search vendor "Digium" for product "Asterisk" and version "1.8.6.0"
rc3
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 1.8.7.0
Search vendor "Digium" for product "Asterisk" and version "1.8.7.0"
-
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 1.8.7.0
Search vendor "Digium" for product "Asterisk" and version "1.8.7.0"
rc1
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 1.8.7.0
Search vendor "Digium" for product "Asterisk" and version "1.8.7.0"
rc2
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 1.8.7.1
Search vendor "Digium" for product "Asterisk" and version "1.8.7.1"
-
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 1.8.8.0
Search vendor "Digium" for product "Asterisk" and version "1.8.8.0"
-
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 1.8.8.0
Search vendor "Digium" for product "Asterisk" and version "1.8.8.0"
rc1
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 1.8.8.0
Search vendor "Digium" for product "Asterisk" and version "1.8.8.0"
rc2
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 1.8.8.0
Search vendor "Digium" for product "Asterisk" and version "1.8.8.0"
rc3
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 1.8.8.0
Search vendor "Digium" for product "Asterisk" and version "1.8.8.0"
rc4
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 1.8.8.0
Search vendor "Digium" for product "Asterisk" and version "1.8.8.0"
rc5
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 1.8.8.1
Search vendor "Digium" for product "Asterisk" and version "1.8.8.1"
-
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 1.8.8.2
Search vendor "Digium" for product "Asterisk" and version "1.8.8.2"
-
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 1.8.9.0
Search vendor "Digium" for product "Asterisk" and version "1.8.9.0"
-
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 1.8.9.0
Search vendor "Digium" for product "Asterisk" and version "1.8.9.0"
rc1
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 1.8.9.0
Search vendor "Digium" for product "Asterisk" and version "1.8.9.0"
rc2
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 1.8.9.0
Search vendor "Digium" for product "Asterisk" and version "1.8.9.0"
rc3
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 1.8.9.1
Search vendor "Digium" for product "Asterisk" and version "1.8.9.1"
-
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 1.8.9.2
Search vendor "Digium" for product "Asterisk" and version "1.8.9.2"
-
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 1.8.9.3
Search vendor "Digium" for product "Asterisk" and version "1.8.9.3"
-
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 1.8.10.0
Search vendor "Digium" for product "Asterisk" and version "1.8.10.0"
-
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 1.8.10.0
Search vendor "Digium" for product "Asterisk" and version "1.8.10.0"
rc1
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 1.8.10.0
Search vendor "Digium" for product "Asterisk" and version "1.8.10.0"
rc2
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 1.8.10.0
Search vendor "Digium" for product "Asterisk" and version "1.8.10.0"
rc3
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 1.8.10.0
Search vendor "Digium" for product "Asterisk" and version "1.8.10.0"
rc4
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 10.0.0
Search vendor "Digium" for product "Asterisk" and version "10.0.0"
-
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 10.0.0
Search vendor "Digium" for product "Asterisk" and version "10.0.0"
beta1
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 10.0.0
Search vendor "Digium" for product "Asterisk" and version "10.0.0"
beta2
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 10.0.0
Search vendor "Digium" for product "Asterisk" and version "10.0.0"
rc1
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 10.0.0
Search vendor "Digium" for product "Asterisk" and version "10.0.0"
rc2
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 10.0.0
Search vendor "Digium" for product "Asterisk" and version "10.0.0"
rc3
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 10.0.1
Search vendor "Digium" for product "Asterisk" and version "10.0.1"
-
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 10.1.0
Search vendor "Digium" for product "Asterisk" and version "10.1.0"
-
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 10.1.0
Search vendor "Digium" for product "Asterisk" and version "10.1.0"
rc1
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 10.1.0
Search vendor "Digium" for product "Asterisk" and version "10.1.0"
rc2
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 10.1.1
Search vendor "Digium" for product "Asterisk" and version "10.1.1"
-
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 10.1.2
Search vendor "Digium" for product "Asterisk" and version "10.1.2"
-
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 10.1.3
Search vendor "Digium" for product "Asterisk" and version "10.1.3"
-
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 10.2.0
Search vendor "Digium" for product "Asterisk" and version "10.2.0"
-
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 10.2.0
Search vendor "Digium" for product "Asterisk" and version "10.2.0"
rc1
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 10.2.0
Search vendor "Digium" for product "Asterisk" and version "10.2.0"
rc2
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 10.2.0
Search vendor "Digium" for product "Asterisk" and version "10.2.0"
rc3
Affected
Digium
Search vendor "Digium"
 Asterisk
Search vendor "Digium" for product "Asterisk"
 10.2.0
Search vendor "Digium" for product "Asterisk" and version "10.2.0"
rc4
Affected