Launchpad CVE tracker

CVE 2012-5977

Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones, when anonymous calls are enabled, allow remote attackers to cause a denial of service (resource consumption) by making anonymous calls from multiple sources and consequently adding many entries to the device state cache.

Related bugs and status

CVE-2012-5977 (Candidate) is related to these bugs:

Bug #1097687: (CVE-2012-5976) AST-2012-014 Crashes due to large stack allocations when using TCP

Summary				In	Importance	Status
	1097687	(CVE-2012-5976) AST-2012-014 Crashes due to large stack allocations when using TCP		asterisk (Ubuntu)	Undecided	Fix Released
	1097687	(CVE-2012-5976) AST-2012-014 Crashes due to large stack allocations when using TCP		asterisk (Debian)	Unknown	Fix Released

Bug #1097691: (CVE-2012-5977) AST-2012-015 Denial of Service Through Exploitation of Device State Caching

Summary				In	Importance	Status
	1097691	(CVE-2012-5977) AST-2012-015 Denial of Service Through Exploitation of Device State Caching		asterisk (Ubuntu)	Undecided	Fix Released
	1097691	(CVE-2012-5977) AST-2012-015 Denial of Service Through Exploitation of Device State Caching		asterisk (Debian)	Unknown	Fix Released

Bug #1205644: Merge asterisk 1:1.8.13.1~dfsg-3 (universe) from Debian unstable (main)

Summary				In	Importance	Status
	1205644	Merge asterisk 1:1.8.13.1~dfsg-3 (universe) from Debian unstable (main)		asterisk (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2012-5977

References