CVE-2012-2948
Debian Security Advisory 2493-1
Severity Score
6.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by closing a connection in off-hook mode.
chan_skinny.c en el controlador de canal de Skinny (alias SCCP) en Certified Asterisk 1.8.11-cert antes de v1.8.11-cert2 y Asterisk Open Source v1.8.x antes de v1.8.12.1 y v10.x antes de v10.4.1, permite a usuarios autenticados remotamente provocar una denegación de servicio (eliminar la referencia del puntero NULL y caída demonio) por el cierre de una conexión en el modo de descuelgue.
A Null-pointer dereference has been identified in the SCCP (Skinny) channel driver of Asterisk. When an SCCP client closes its connection to the server, a pointer in a structure is set to Null. If the client was not in the on-hook state at the time the connection was closed, this pointer is later dereferenced. A remote attacker with a valid SCCP ID can can use this vulnerability by closing a connection to the Asterisk server in certain call states (e.g. "Off hook") to crash the server. Successful exploitation of this vulnerability would result in termination of the server, causing denial of service to legitimate users.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2012-05-29 CVE Reserved
- 2012-05-29 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-399: Resource Management Errors
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2012-05/0145.html | Mailing List | |
| http://downloads.asterisk.org/pub/security/AST-2012-008.html | X_refsource_confirm | |
| http://secunia.com/advisories/49303 | Third Party Advisory | |
| http://www.securityfocus.com/bid/53723 | Vdb Entry | |
| http://www.securitytracker.com/id?1027103 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/75937 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.debian.org/security/2012/dsa-2493 | 2017-08-29 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Asterisk Search vendor "Asterisk" | Certified Asterisk Search vendor "Asterisk" for product "Certified Asterisk" | 1.8.11 Search vendor "Asterisk" for product "Certified Asterisk" and version "1.8.11" | cert |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Certified Asterisk Search vendor "Asterisk" for product "Certified Asterisk" | 1.8.11 Search vendor "Asterisk" for product "Certified Asterisk" and version "1.8.11" | cert1 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | <= 1.8.12.0 Search vendor "Asterisk" for product "Open Source" and version " <= 1.8.12.0" | - |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 1.8.0 Search vendor "Asterisk" for product "Open Source" and version "1.8.0" | - |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 1.8.0 Search vendor "Asterisk" for product "Open Source" and version "1.8.0" | beta1 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 1.8.0 Search vendor "Asterisk" for product "Open Source" and version "1.8.0" | beta2 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 1.8.0 Search vendor "Asterisk" for product "Open Source" and version "1.8.0" | beta3 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 1.8.0 Search vendor "Asterisk" for product "Open Source" and version "1.8.0" | beta4 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 1.8.0 Search vendor "Asterisk" for product "Open Source" and version "1.8.0" | beta5 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 1.8.0 Search vendor "Asterisk" for product "Open Source" and version "1.8.0" | rc1 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 1.8.0 Search vendor "Asterisk" for product "Open Source" and version "1.8.0" | rc2 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 1.8.0 Search vendor "Asterisk" for product "Open Source" and version "1.8.0" | rc3 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 1.8.0 Search vendor "Asterisk" for product "Open Source" and version "1.8.0" | rc4 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 1.8.0 Search vendor "Asterisk" for product "Open Source" and version "1.8.0" | rc5 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 1.8.1 Search vendor "Asterisk" for product "Open Source" and version "1.8.1" | - |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 1.8.1 Search vendor "Asterisk" for product "Open Source" and version "1.8.1" | rc1 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 1.8.2 Search vendor "Asterisk" for product "Open Source" and version "1.8.2" | - |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 1.8.2 Search vendor "Asterisk" for product "Open Source" and version "1.8.2" | rc1 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 1.8.3 Search vendor "Asterisk" for product "Open Source" and version "1.8.3" | rc1 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 1.8.5 Search vendor "Asterisk" for product "Open Source" and version "1.8.5" | rc1 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 1.8.5.0 Search vendor "Asterisk" for product "Open Source" and version "1.8.5.0" | - |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 1.8.6.0 Search vendor "Asterisk" for product "Open Source" and version "1.8.6.0" | - |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 1.8.6.0 Search vendor "Asterisk" for product "Open Source" and version "1.8.6.0" | rc1 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 1.8.6.0 Search vendor "Asterisk" for product "Open Source" and version "1.8.6.0" | rc2 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 1.8.6.0 Search vendor "Asterisk" for product "Open Source" and version "1.8.6.0" | rc3 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 1.8.7.0 Search vendor "Asterisk" for product "Open Source" and version "1.8.7.0" | - |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 1.8.7.0 Search vendor "Asterisk" for product "Open Source" and version "1.8.7.0" | rc1 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 1.8.7.0 Search vendor "Asterisk" for product "Open Source" and version "1.8.7.0" | rc2 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 1.8.8.0 Search vendor "Asterisk" for product "Open Source" and version "1.8.8.0" | - |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 1.8.8.0 Search vendor "Asterisk" for product "Open Source" and version "1.8.8.0" | rc1 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 1.8.8.0 Search vendor "Asterisk" for product "Open Source" and version "1.8.8.0" | rc2 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 1.8.8.0 Search vendor "Asterisk" for product "Open Source" and version "1.8.8.0" | rc3 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 1.8.8.0 Search vendor "Asterisk" for product "Open Source" and version "1.8.8.0" | rc4 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 1.8.8.0 Search vendor "Asterisk" for product "Open Source" and version "1.8.8.0" | rc5 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 1.8.9.0 Search vendor "Asterisk" for product "Open Source" and version "1.8.9.0" | - |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 1.8.9.0 Search vendor "Asterisk" for product "Open Source" and version "1.8.9.0" | rc1 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 1.8.9.0 Search vendor "Asterisk" for product "Open Source" and version "1.8.9.0" | rc2 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 1.8.9.0 Search vendor "Asterisk" for product "Open Source" and version "1.8.9.0" | rc3 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 1.8.10.0 Search vendor "Asterisk" for product "Open Source" and version "1.8.10.0" | - |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 1.8.10.0 Search vendor "Asterisk" for product "Open Source" and version "1.8.10.0" | rc1 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 1.8.10.0 Search vendor "Asterisk" for product "Open Source" and version "1.8.10.0" | rc2 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 1.8.10.0 Search vendor "Asterisk" for product "Open Source" and version "1.8.10.0" | rc3 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 1.8.10.0 Search vendor "Asterisk" for product "Open Source" and version "1.8.10.0" | rc4 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 1.8.11.0 Search vendor "Asterisk" for product "Open Source" and version "1.8.11.0" | - |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 1.8.11.0 Search vendor "Asterisk" for product "Open Source" and version "1.8.11.0" | rc2 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 1.8.11.0 Search vendor "Asterisk" for product "Open Source" and version "1.8.11.0" | rc3 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 1.8.12 Search vendor "Asterisk" for product "Open Source" and version "1.8.12" | - |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 1.8.12.0 Search vendor "Asterisk" for product "Open Source" and version "1.8.12.0" | rc1 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 1.8.12.0 Search vendor "Asterisk" for product "Open Source" and version "1.8.12.0" | rc2 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 1.8.12.0 Search vendor "Asterisk" for product "Open Source" and version "1.8.12.0" | rc3 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | <= 10.4.0 Search vendor "Asterisk" for product "Open Source" and version " <= 10.4.0" | - |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 10.0.0 Search vendor "Asterisk" for product "Open Source" and version "10.0.0" | - |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 10.0.0 Search vendor "Asterisk" for product "Open Source" and version "10.0.0" | beta1 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 10.0.0 Search vendor "Asterisk" for product "Open Source" and version "10.0.0" | beta2 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 10.0.0 Search vendor "Asterisk" for product "Open Source" and version "10.0.0" | rc1 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 10.0.0 Search vendor "Asterisk" for product "Open Source" and version "10.0.0" | rc2 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 10.0.0 Search vendor "Asterisk" for product "Open Source" and version "10.0.0" | rc3 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 10.1.0 Search vendor "Asterisk" for product "Open Source" and version "10.1.0" | - |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 10.1.0 Search vendor "Asterisk" for product "Open Source" and version "10.1.0" | rc1 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 10.1.0 Search vendor "Asterisk" for product "Open Source" and version "10.1.0" | rc2 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 10.2.0 Search vendor "Asterisk" for product "Open Source" and version "10.2.0" | - |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 10.2.0 Search vendor "Asterisk" for product "Open Source" and version "10.2.0" | rc1 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 10.2.0 Search vendor "Asterisk" for product "Open Source" and version "10.2.0" | rc2 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 10.2.0 Search vendor "Asterisk" for product "Open Source" and version "10.2.0" | rc3 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 10.2.0 Search vendor "Asterisk" for product "Open Source" and version "10.2.0" | rc4 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 10.3 Search vendor "Asterisk" for product "Open Source" and version "10.3" | - |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 10.3.0 Search vendor "Asterisk" for product "Open Source" and version "10.3.0" | - |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 10.3.0 Search vendor "Asterisk" for product "Open Source" and version "10.3.0" | rc2 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 10.3.0 Search vendor "Asterisk" for product "Open Source" and version "10.3.0" | rc3 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 10.4.0 Search vendor "Asterisk" for product "Open Source" and version "10.4.0" | rc1 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 10.4.0 Search vendor "Asterisk" for product "Open Source" and version "10.4.0" | rc2 |
Affected
| ||||||
| Asterisk Search vendor "Asterisk" | Open Source Search vendor "Asterisk" for product "Open Source" | 10.4.0 Search vendor "Asterisk" for product "Open Source" and version "10.4.0" | rc3 |
Affected
| ||||||