CVE-2012-3553

chan_skinny.c in the Skinny (aka SCCP) channel driver in Asterisk Open Source 10.x before 10.5.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by sending a Station Key Pad Button message and closing a connection in off-hook mode, a related issue to CVE-2012-2948.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:N/I:N/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 21%
VendorProductVersion
digiumasterisk
10.0.0
digiumasterisk
10.0.0:beta1
digiumasterisk
10.0.0:beta2
digiumasterisk
10.0.0:rc1
digiumasterisk
10.0.0:rc2
digiumasterisk
10.0.0:rc3
digiumasterisk
10.0.1
digiumasterisk
10.1.0
digiumasterisk
10.1.0:rc1
digiumasterisk
10.1.0:rc2
digiumasterisk
10.1.1
digiumasterisk
10.1.2
digiumasterisk
10.1.3
digiumasterisk
10.2.0
digiumasterisk
10.2.0:rc1
digiumasterisk
10.2.0:rc2
digiumasterisk
10.2.0:rc3
digiumasterisk
10.2.0:rc4
digiumasterisk
10.2.1
digiumasterisk
10.3.0
digiumasterisk
10.3.0:rc2
digiumasterisk
10.3.0:rc3
digiumasterisk
10.3.1
digiumasterisk
10.4.0
digiumasterisk
10.4.0:rc1
digiumasterisk
10.4.0:rc2
digiumasterisk
10.4.0:rc3
digiumasterisk
10.4.1
digiumasterisk
10.4.2
digiumasterisk
10.5.0
digiumasterisk
10.5.0:rc1
digiumasterisk
10.5.0:rc2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
asterisk
bullseye
1:16.28.0~dfsg-0+deb11u4
fixed
bullseye (security)
1:16.28.0~dfsg-0+deb11u5
fixed
sid
1:22.0.0~dfsg+~cs6.14.60671435-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
asterisk
precise
not-affected
oneiric
not-affected
natty
not-affected
lucid
not-affected
hardy
not-affected
References
http://downloads.asterisk.org/pub/security/AST-2012-009.html
http://downloads.asterisk.org/pub/security/AST-2012-009.html