CVE-2012-2415 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.5 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:S/C:P/I:P/A:P
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 92%

Vendor	Product	Version
asterisk	open_source	1.6.2.0
asterisk	open_source	1.6.2.0:rc2
asterisk	open_source	1.6.2.0:rc3
asterisk	open_source	1.6.2.0:rc4
asterisk	open_source	1.6.2.0:rc5
asterisk	open_source	1.6.2.0:rc6
asterisk	open_source	1.6.2.0:rc7
asterisk	open_source	1.6.2.0:rc8
asterisk	open_source	1.6.2.1
asterisk	open_source	1.6.2.1:rc1
asterisk	open_source	1.6.2.2
asterisk	open_source	1.6.2.3:rc2
asterisk	open_source	1.6.2.4
asterisk	open_source	1.6.2.5
asterisk	open_source	1.6.2.6
asterisk	open_source	1.6.2.6:rc1
asterisk	open_source	1.6.2.6:rc2
asterisk	open_source	1.6.2.7
asterisk	open_source	1.6.2.7:rc1
asterisk	open_source	1.6.2.7:rc2
asterisk	open_source	1.6.2.7:rc3
asterisk	open_source	1.6.2.8
asterisk	open_source	1.6.2.8:rc1
asterisk	open_source	1.6.2.9
asterisk	open_source	1.6.2.9:rc1
asterisk	open_source	1.6.2.9:rc2
asterisk	open_source	1.6.2.9:rc3
asterisk	open_source	1.6.2.10
asterisk	open_source	1.6.2.10:rc1
asterisk	open_source	1.6.2.10:rc2
asterisk	open_source	1.6.2.11
asterisk	open_source	1.6.2.11:rc1
asterisk	open_source	1.6.2.11:rc2
asterisk	open_source	1.6.2.12
asterisk	open_source	1.6.2.12:rc1
asterisk	open_source	1.6.2.13
asterisk	open_source	1.6.2.14
asterisk	open_source	1.6.2.14:rc1
asterisk	open_source	1.6.2.15
asterisk	open_source	1.6.2.15:rc1
asterisk	open_source	1.6.2.15.1
asterisk	open_source	1.6.2.16
asterisk	open_source	1.6.2.16:rc1
asterisk	open_source	1.6.2.16.1
asterisk	open_source	1.6.2.16.2
asterisk	open_source	1.6.2.17
asterisk	open_source	1.6.2.17:rc1
asterisk	open_source	1.6.2.17:rc2
asterisk	open_source	1.6.2.17:rc3
asterisk	open_source	1.6.2.17.1
asterisk	open_source	1.6.2.17.2
asterisk	open_source	1.6.2.17.3
asterisk	open_source	1.6.2.18
asterisk	open_source	1.6.2.18:rc1
asterisk	open_source	1.6.2.18.1
asterisk	open_source	1.6.2.18.2
asterisk	open_source	1.6.2.19
asterisk	open_source	1.6.2.19:rc1
asterisk	open_source	1.6.2.20
asterisk	open_source	1.6.2.21
asterisk	open_source	1.6.2.22
asterisk	open_source	1.6.2.23
asterisk	open_source	1.8.0
asterisk	open_source	1.8.0:beta1
asterisk	open_source	1.8.0:beta2
asterisk	open_source	1.8.0:beta3
asterisk	open_source	1.8.0:beta4
asterisk	open_source	1.8.0:beta5
asterisk	open_source	1.8.0:rc2
asterisk	open_source	1.8.0:rc3
asterisk	open_source	1.8.0:rc4
asterisk	open_source	1.8.0:rc5
asterisk	open_source	1.8.1
asterisk	open_source	1.8.1:rc1
asterisk	open_source	1.8.1.1
asterisk	open_source	1.8.1.2
asterisk	open_source	1.8.2
asterisk	open_source	1.8.2:rc1
asterisk	open_source	1.8.2.1
asterisk	open_source	1.8.2.2
asterisk	open_source	1.8.2.3
asterisk	open_source	1.8.2.4
asterisk	open_source	1.8.3
asterisk	open_source	1.8.3:rc1
asterisk	open_source	1.8.3:rc2
asterisk	open_source	1.8.3:rc3
asterisk	open_source	1.8.3.1
asterisk	open_source	1.8.3.2
asterisk	open_source	1.8.3.3
asterisk	open_source	1.8.4
asterisk	open_source	1.8.4:rc1
asterisk	open_source	1.8.4:rc2
asterisk	open_source	1.8.4:rc3
asterisk	open_source	1.8.4.1
asterisk	open_source	1.8.4.2
asterisk	open_source	1.8.4.3
asterisk	open_source	1.8.4.4
asterisk	open_source	1.8.5:rc1
asterisk	open_source	1.8.5.0
asterisk	open_source	1.8.6.0
asterisk	open_source	1.8.6.0:rc1
asterisk	open_source	1.8.6.0:rc2
asterisk	open_source	1.8.6.0:rc3
asterisk	open_source	1.8.7.0
asterisk	open_source	1.8.7.0:rc1
asterisk	open_source	1.8.7.0:rc2
asterisk	open_source	1.8.7.1
asterisk	open_source	1.8.7.2
asterisk	open_source	1.8.8.0
asterisk	open_source	1.8.8.0:rc1
asterisk	open_source	1.8.8.0:rc2
asterisk	open_source	1.8.8.0:rc3
asterisk	open_source	1.8.8.0:rc4
asterisk	open_source	1.8.8.0:rc5
asterisk	open_source	1.8.8.1
asterisk	open_source	1.8.8.2
asterisk	open_source	1.8.9.0
asterisk	open_source	1.8.9.0:rc1
asterisk	open_source	1.8.9.0:rc2
asterisk	open_source	1.8.9.0:rc3
asterisk	open_source	1.8.9.1
asterisk	open_source	1.8.9.2
asterisk	open_source	1.8.9.3
asterisk	open_source	1.8.10.0
asterisk	open_source	1.8.10.0:rc1
asterisk	open_source	1.8.10.0:rc2
asterisk	open_source	1.8.10.0:rc3
asterisk	open_source	1.8.10.0:rc4
asterisk	open_source	1.8.10.1
asterisk	open_source	1.8.11.0:rc2
asterisk	open_source	1.8.11.0:rc3
asterisk	open_source	10.0.0
asterisk	open_source	10.0.0:beta1
asterisk	open_source	10.0.0:beta2
asterisk	open_source	10.0.0:rc1
asterisk	open_source	10.0.0:rc2
asterisk	open_source	10.0.0:rc3
asterisk	open_source	10.0.1
asterisk	open_source	10.1.0
asterisk	open_source	10.1.0:rc1
asterisk	open_source	10.1.0:rc2
asterisk	open_source	10.1.1
asterisk	open_source	10.1.2
asterisk	open_source	10.1.3
asterisk	open_source	10.2.0
asterisk	open_source	10.2.0:rc1
asterisk	open_source	10.2.0:rc2
asterisk	open_source	10.2.0:rc3
asterisk	open_source	10.2.0:rc4
asterisk	open_source	10.2.1
asterisk	open_source	10.3.0
asterisk	open_source	10.3.0:rc2
asterisk	open_source	10.3.0:rc3

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

asterisk

bullseye	1:16.28.0~dfsg-0+deb11u4 fixed
bullseye (security)	1:16.28.0~dfsg-0+deb11u5 fixed
sid	1:22.0.0~dfsg+~cs6.14.60671435-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

asterisk

zesty	not-affected
yakkety	not-affected
xenial	not-affected
wily	not-affected
vivid	not-affected
utopic	not-affected
trusty	dne
saucy	not-affected
raring	not-affected
quantal	not-affected
precise	ignored
oneiric	ignored
natty	ignored
lucid	ignored
hardy	not-affected

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://downloads.asterisk.org/pub/security/AST-2012-005.html

http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079759.html

http://osvdb.org/81455

http://secunia.com/advisories/48891

http://secunia.com/advisories/48941

http://www.debian.org/security/2012/dsa-2460

http://www.securityfocus.com/bid/53210

http://www.securitytracker.com/id?1026962

https://exchange.xforce.ibmcloud.com/vulnerabilities/75102

http://downloads.asterisk.org/pub/security/AST-2012-005.html

http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079759.html

http://osvdb.org/81455

http://secunia.com/advisories/48891

http://secunia.com/advisories/48941

http://www.debian.org/security/2012/dsa-2460

http://www.securityfocus.com/bid/53210

http://www.securitytracker.com/id?1026962

https://exchange.xforce.ibmcloud.com/vulnerabilities/75102