VDB
CVE-2012-1184
CVE-2012-1184
PUBLISHED
CVSS 7.5 HIGH
Stack-based buffer overflow in the ast_parse_digest function in main/utils.c in Asterisk 1.8.x before 1.8.10.1 and 10.x before 10.2.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in an HTTP Digest Authentication header.
EPSS 37.42% · 97.3th percentile
Risk Scores
CVSS 2.0
7.5
EPSS Score
37.42%
97.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | * |
| digium | asterisk | 1.8.0, 1.8.0, 1.8.0 |
Timeline
- Sep 18, 2012 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 17, 2022 CVE Updated
- Jul 12, 2022 EPSS Score
- Sep 1, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Dec 3, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
References
- [oss-security] 20120316 Re: CVE Request -- Asterisk: AST-2012-002 and AST-2012-003 flaws mailing-list
- http://downloads.asterisk.org/pub/security/AST-2012-003.pdf url
- http://www.asterisk.org/node/51797 url
- 48417 third-party-advisory
- [oss-security] 20120316 CVE Request -- Asterisk: AST-2012-002 and AST-2012-003 flaws mailing-list
- http://downloads.asterisk.org/pub/security/AST-2012-003-1.8.diff url
- 80126 vdb
- 1026813 vdb
- asterisk-astparsedigest-bo(74083) vdb
- https://nvd.nist.gov/vuln/detail/CVE-2012-1184 advisory