CVE-2012-2948

chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by closing a connection in off-hook mode.

Published: Jun 2, 2012
Updated: Apr 13, 2023
CVE: CVE-2012-2948
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:N/I:N/A:P

CWEs:

CWE-399

Affected Software
References

Software	From	Fixed in
asterisk / certified_asterisk	1.8.11-cert	1.8.11-cert.x
asterisk / certified_asterisk	1.8.11-cert1	1.8.11-cert1.x
asterisk / open_source	1.8.10.0-rc1	1.8.10.0-rc1.x
asterisk / open_source	1.8.0-beta1	1.8.0-beta1.x
asterisk / open_source	1.8.1-rc1	1.8.1-rc1.x
asterisk / open_source	1.8.0-rc2	1.8.0-rc2.x
asterisk / open_source	1.8.9.0-rc1	1.8.9.0-rc1.x
asterisk / open_source	1.8.10.0-rc2	1.8.10.0-rc2.x
asterisk / open_source	1.8.0-rc3	1.8.0-rc3.x
asterisk / open_source	1.8.8.0-rc4	1.8.8.0-rc4.x
asterisk / open_source	1.8.0-beta2	1.8.0-beta2.x
asterisk / open_source	1.8.8.0-rc3	1.8.8.0-rc3.x
asterisk / open_source	1.8.11.0	1.8.11.0.x
asterisk / open_source	1.8.11.0-rc3	1.8.11.0-rc3.x
asterisk / open_source	1.8.0-rc1	1.8.0-rc1.x
asterisk / open_source	1.8.9.0-rc2	1.8.9.0-rc2.x
asterisk / open_source	1.8.0-beta3	1.8.0-beta3.x
asterisk / open_source	1.8.12.0-rc3	1.8.12.0-rc3.x
asterisk / open_source	1.8.6.0-rc3	1.8.6.0-rc3.x
asterisk / open_source	1.8.6.0-rc2	1.8.6.0-rc2.x
asterisk / open_source	1.8.7.0-rc2	1.8.7.0-rc2.x
asterisk / open_source	1.8.10.0-rc3	1.8.10.0-rc3.x
asterisk / open_source	1.8.8.0-rc1	1.8.8.0-rc1.x
asterisk / open_source	1.8.6.0	1.8.6.0.x
asterisk / open_source	1.8.8.0-rc2	1.8.8.0-rc2.x
asterisk / open_source	1.8.5.0	1.8.5.0.x
asterisk / open_source	1.8.9.0-rc3	1.8.9.0-rc3.x
asterisk / open_source	1.8.12	1.8.12.x
asterisk / open_source	1.8.12.0-rc2	1.8.12.0-rc2.x
asterisk / open_source	1.8.7.0	1.8.7.0.x
asterisk / open_source	1.8.2	1.8.2.x
asterisk / open_source	1.8.0	1.8.0.x
asterisk / open_source	1.8.3-rc1	1.8.3-rc1.x
asterisk / open_source	1.8.10.0	1.8.10.0.x
asterisk / open_source	1.8.8.0	1.8.8.0.x
asterisk / open_source	1.8.11.0-rc2	1.8.11.0-rc2.x
asterisk / open_source	1.8.7.0-rc1	1.8.7.0-rc1.x
asterisk / open_source	1.8.0-beta4	1.8.0-beta4.x
asterisk / open_source	1.8.8.0-rc5	1.8.8.0-rc5.x
asterisk / open_source	1.8.0-rc4	1.8.0-rc4.x
asterisk / open_source	1.8.0-rc5	1.8.0-rc5.x
asterisk / open_source	1.8.1	1.8.1.x
asterisk / open_source	1.8.6.0-rc1	1.8.6.0-rc1.x
asterisk / open_source	1.8.9.0	1.8.9.0.x
asterisk / open_source	1.8.2-rc1	1.8.2-rc1.x
asterisk / open_source	1.8.10.0-rc4	1.8.10.0-rc4.x
asterisk / open_source	1.8.12.0-rc1	1.8.12.0-rc1.x
asterisk / open_source	1.8.5-rc1	1.8.5-rc1.x
asterisk / open_source	1.8.0-beta5	1.8.0-beta5.x
asterisk / open_source	10.2.0-rc2	10.2.0-rc2.x
asterisk / open_source	10.3.0	10.3.0.x
asterisk / open_source	10.2.0-rc1	10.2.0-rc1.x
asterisk / open_source	10.4.0-rc3	10.4.0-rc3.x
asterisk / open_source	10.3	10.3.x
asterisk / open_source	10.3.0-rc3	10.3.0-rc3.x
asterisk / open_source	10.1.0	10.1.0.x
asterisk / open_source	10.2.0-rc4	10.2.0-rc4.x
asterisk / open_source	10.3.0-rc2	10.3.0-rc2.x
asterisk / open_source	10.4.0-rc1	10.4.0-rc1.x
asterisk / open_source	10.1.0-rc1	10.1.0-rc1.x
asterisk / open_source	10.0.0	10.0.0.x
asterisk / open_source	10.2.0-rc3	10.2.0-rc3.x
asterisk / open_source	10.0.0-beta1	10.0.0-beta1.x
asterisk / open_source	10.2.0	10.2.0.x
asterisk / open_source	10.0.0-rc2	10.0.0-rc2.x
asterisk / open_source	10.0.0-rc3	10.0.0-rc3.x
asterisk / open_source	10.1.0-rc2	10.1.0-rc2.x
asterisk / open_source	10.0.0-rc1	10.0.0-rc1.x
asterisk / open_source	10.4.0-rc2	10.4.0-rc2.x
asterisk / open_source	10.0.0-beta2	10.0.0-beta2.x
sangoma / asterisk	-	1.8.12.0.x
sangoma / asterisk	-	10.4.0.x

Vulnerability Database

289,697

CVE-2012-2948