Vulnerability Details: CVE-2012-1183
Stack-based buffer overflow in the milliwatt_generate function in the Milliwatt application in Asterisk 1.4.x before 1.4.44, 1.6.x before 1.6.2.23, 1.8.x before 1.8.10.1, and 10.x before 10.2.1, when the o option is used and the internal_timing option is off, allows remote attackers to cause a denial of service (application crash) via a large number of samples in an audio packet.
Vulnerability category: Overflow, Denial of service
Products affected by CVE-2012-1183
- cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*
Threat overview for CVE-2012-1183
- Top open port discovered on systems with this issue: 80
- IPs affected by CVE-2012-1183: 521
- Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2012-1183
- 7.41%: Probability of exploitation activity in the next 30 days
- ~94%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-1183
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P | 8.6 | 2.9 | NIST | |
CWE ids for CVE-2012-1183
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-1183
- http://downloads.asterisk.org/pub/security/AST-2012-002-1.8.diff
  Patch; Vendor Advisory
- http://www.asterisk.org/node/51797
  Asterisk Release News. Broken Link
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74082
  Asterisk milliwatt_generate() denial of service CVE-2012-1183 Vulnerability Report. Third Party Advisory; VDB Entry
- http://www.openwall.com/lists/oss-security/2012/03/16/10
  oss-security - CVE Request -- Asterisk: AST-2012-002 and AST-2012-003 flaws. Mailing List; Patch; Third Party Advisory
- http://archives.neohapsis.com/archives/bugtraq/2012-03/0069.html
  Broken Link
- http://www.securityfocus.com/bid/52523
  Asterisk 'Milliwatt()' Denial Of Service Vulnerability. Third Party Advisory; VDB Entry
- http://securitytracker.com/id?1026812
  Asterisk Milliwatt Application Lets Remote Users Deny Service - SecurityTracker. Third Party Advisory; VDB Entry
- http://www.openwall.com/lists/oss-security/2012/03/16/17
  oss-security - Re: CVE Request -- Asterisk: AST-2012-002 and AST-2012-003 flaws. Mailing List; Patch; Third Party Advisory
- http://www.debian.org/security/2012/dsa-2460
  Debian -- Security Information -- DSA-2460-1 asterisk. Third Party Advisory
- http://downloads.asterisk.org/pub/security/AST-2012-002.pdf
  Vendor Advisory