Launchpad CVE tracker

CVE 2012-1184

Stack-based buffer overflow in the ast_parse_digest function in main/utils.c in Asterisk 1.8.x before 1.8.10.1 and 10.x before 10.2.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in an HTTP Digest Authentication header.

Related bugs and status

CVE-2012-1184 (Candidate) is related to these bugs:

Bug #956578: Remote crash vulnerability in SIP channel driver

Summary				In	Importance	Status
	956578	Remote crash vulnerability in SIP channel driver		asterisk (Ubuntu)	Undecided	Fix Released

Bug #956580: Remote Crash Vulnerability in Milliwatt Application

Summary				In	Importance	Status
	956580	Remote Crash Vulnerability in Milliwatt Application		asterisk (Ubuntu)	Undecided	Fix Released

Bug #956581: Stack Buffer Overflow in HTTP Manager

Summary				In	Importance	Status
	956581	Stack Buffer Overflow in HTTP Manager		asterisk (Ubuntu)	Undecided	Fix Released

Bug #987772: [FFe] Update to asterisk 1.8.10.1 for security fixes

Summary				In	Importance	Status
	987772	[FFe] Update to asterisk 1.8.10.1 for security fixes		asterisk (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2012-1184

References