← Back

CVE-2012-3863

nvd nist
Published: Jul 9, 2012Modified: Apr 29, 2026

JSON object

Loading...
4.0
Vector
AV:N/AC:L/Au:S/C:N/I:N/A:P
Exploitability: 8.0 / Impact: 2.9
Source: NVD

Description

channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Asterisk Business Edition C.3.x before C.3.7.5, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones does not properly handle a provisional response to a SIP reINVITE request, which allows remote authenticated users to cause a denial of service (RTP port exhaustion) via sessions that lack final responses.

Affected (131)

Digium
4 products
Asterisk Business Edition
Asterisk
Asteriske
Certified Asterisk
Configuration A
3 vulnerable
Vulnerable SoftwareAffected Versions
Digium
Asterisk Business Edition
Version c.3.1
Asterisk Business Edition
Version c.3.3
Asterisk Business Edition
Version c.3.7.4
Configuration B
67 vulnerable
Vulnerable SoftwareAffected Versions
Digium
Asterisk
Version 1.8.0
Asterisk
Version 1.8.0 beta1
Asterisk
Version 1.8.0 beta2
Asterisk
Version 1.8.0 beta3
Asterisk
Version 1.8.0 beta4
Asterisk
Version 1.8.0 beta5
Asterisk
Version 1.8.0 rc2
Asterisk
Version 1.8.0 rc3
Asterisk
Version 1.8.0 rc4
Asterisk
Version 1.8.0 rc5
Asterisk
Version 1.8.1.1
Asterisk
Version 1.8.1.2
Asterisk
Version 1.8.11.0
Asterisk
Version 1.8.11.0 rc2
Asterisk
Version 1.8.11.0 rc3
Asterisk
Version 1.8.11.1
Asterisk
Version 1.8.13.0
Asterisk
Version 1.8.13.0 rc1
Asterisk
Version 1.8.13.0 rc2
Asterisk
Version 1.8.1
Asterisk
Version 1.8.1 rc1
Asterisk
Version 1.8.2.1
Asterisk
Version 1.8.2.2
Asterisk
Version 1.8.2.3
Asterisk
Version 1.8.2.4
Asterisk
Version 1.8.2
Asterisk
Version 1.8.3.1
Asterisk
Version 1.8.3.2
Asterisk
Version 1.8.3.3
Asterisk
Version 1.8.3
Asterisk
Version 1.8.3 rc1
Asterisk
Version 1.8.3 rc2
Asterisk
Version 1.8.3 rc3
Asterisk
Version 1.8.4.1
Asterisk
Version 1.8.4.2
Asterisk
Version 1.8.4.3
Asterisk
Version 1.8.4.4
Asterisk
Version 1.8.4
Asterisk
Version 1.8.4 rc1
Asterisk
Version 1.8.4 rc2
Asterisk
Version 1.8.4 rc3
Asterisk
Version 1.8.5.0
Asterisk
Version 1.8.5
Asterisk
Version 1.8.5 rc1
Asterisk
Version 1.8.6.0
Asterisk
Version 1.8.6.0 rc1
Asterisk
Version 1.8.6.0 rc2
Asterisk
Version 1.8.6.0 rc3
Asterisk
Version 1.8.7.0
Asterisk
Version 1.8.7.0 rc1
Asterisk
Version 1.8.7.0 rc2
Asterisk
Version 1.8.7.1
Asterisk
Version 1.8.8.0
Asterisk
Version 1.8.8.0 rc1
Asterisk
Version 1.8.8.0 rc2
Asterisk
Version 1.8.8.0 rc3
Asterisk
Version 1.8.8.0 rc5
Asterisk
Version 1.8.8.1
Asterisk
Version 1.8.8.2
Asterisk
Version 1.8.9.0
Asterisk
Version 1.8.9.0 rc1
Asterisk
Version 1.8.9.0 rc2
Asterisk
Version 1.8.9.0 rc3
Asterisk
Version 1.8.9.2
Asterisk
Version 1.8.9.3
Digium
Asteriske
Version 1.8.8.0 rc4
Asteriske
Version 1.8.9.1
Configuration C
24 vulnerable
Vulnerable SoftwareAffected Versions
Digium
Asterisk
Version 10.0.0
Asterisk
Version 10.0.0 beta1
Asterisk
Version 10.0.0 beta2
Asterisk
Version 10.0.0 rc1
Asterisk
Version 10.0.0 rc2
Asterisk
Version 10.0.0 rc3
Asterisk
Version 10.1.0
Asterisk
Version 10.1.0 rc1
Asterisk
Version 10.1.0 rc2
Asterisk
Version 10.2.0
Asterisk
Version 10.2.0 rc1
Asterisk
Version 10.2.0 rc2
Asterisk
Version 10.2.0 rc3
Asterisk
Version 10.2.0 rc4
Asterisk
Version 10.3.0
Asterisk
Version 10.3.0 rc2
Asterisk
Version 10.3.0 rc3
Asterisk
Version 10.4.0
Asterisk
Version 10.4.0 rc1
Asterisk
Version 10.4.0 rc2
Asterisk
Version 10.5.0
Asterisk
Version 10.5.0 rc1
Asterisk
Version 10.5.0 rc2
Asterisk
Version 10.5.1
Configuration D
33 vulnerable
Vulnerable SoftwareAffected Versions
Digium
Asterisk
Version 10.0.0
Asterisk
Version 10.0.0 beta1
Asterisk
Version 10.0.0 beta2
Asterisk
Version 10.0.0 rc1
Asterisk
Version 10.0.0 rc2
Asterisk
Version 10.0.0 rc3
Asterisk
Version 10.0.1
Asterisk
Version 10.1.0
Asterisk
Version 10.1.0 rc1
Asterisk
Version 10.1.0 rc2
Asterisk
Version 10.1.1
Asterisk
Version 10.1.2
Asterisk
Version 10.1.3
Asterisk
Version 10.2.0
Asterisk
Version 10.2.0 rc1
Asterisk
Version 10.2.0 rc2
Asterisk
Version 10.2.0 rc3
Asterisk
Version 10.2.0 rc4
Asterisk
Version 10.2.1
Asterisk
Version 10.3.0
Asterisk
Version 10.3.0 rc2
Asterisk
Version 10.3.0 rc3
Asterisk
Version 10.3.1
Asterisk
Version 10.4.0
Asterisk
Version 10.4.0 rc1
Asterisk
Version 10.4.0 rc2
Asterisk
Version 10.4.0 rc3
Asterisk
Version 10.4.1
Asterisk
Version 10.4.2
Asterisk
Version 10.5.0
Asterisk
Version 10.5.0 rc1
Asterisk
Version 10.5.0 rc2
Asterisk
Version 10.5.1
Configuration E
4 vulnerable
Vulnerable SoftwareAffected Versions
Digium
Certified Asterisk
Version 1.8.11 cert1
Certified Asterisk
Version 1.8.11 cert2
Certified Asterisk
Version 1.8.11 cert3
Certified Asterisk
Version 1.8.11 cert

Related CWEs

CWE-399
CWE-399

References (12)

Source: cve@mitre.org
PatchVendor Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.