CVE - CVE-2012-1183

CVE-ID
CVE-2012-1183	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Stack-based buffer overflow in the milliwatt_generate function in the Miliwatt application in Asterisk 1.4.x before 1.4.44, 1.6.x before 1.6.2.23, 1.8.x before 1.8.10.1, and 10.x before 10.2.1, when the o option is used and the internal_timing option is off, allows remote attackers to cause a denial of service (application crash) via a large number of samples in an audio packet.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:1026812 URL:http://securitytracker.com/id?1026812 MISC:20120315 AST-2012-002: Remote Crash Vulnerability in Milliwatt Application URL:http://archives.neohapsis.com/archives/bugtraq/2012-03/0069.html MISC:48417 URL:http://secunia.com/advisories/48417 MISC:48941 URL:http://secunia.com/advisories/48941 MISC:52523 URL:http://www.securityfocus.com/bid/52523 MISC:80125 URL:~~http://osvdb.org/80125~~ (Obsolete source) MISC:DSA-2460 URL:http://www.debian.org/security/2012/dsa-2460 MISC:[oss-security] 20120316 CVE Request -- Asterisk: AST-2012-002 and AST-2012-003 flaws URL:http://www.openwall.com/lists/oss-security/2012/03/16/10 MISC:[oss-security] 20120316 Re: CVE Request -- Asterisk: AST-2012-002 and AST-2012-003 flaws URL:http://www.openwall.com/lists/oss-security/2012/03/16/17 MISC:asterisk-milliwattgenerate-dos(74082) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/74082 MISC:http://downloads.asterisk.org/pub/security/AST-2012-002-1.8.diff URL:http://downloads.asterisk.org/pub/security/AST-2012-002-1.8.diff MISC:http://downloads.asterisk.org/pub/security/AST-2012-002.pdf URL:http://downloads.asterisk.org/pub/security/AST-2012-002.pdf MISC:http://www.asterisk.org/node/51797 URL:http://www.asterisk.org/node/51797
Assigning CNA
Red Hat, Inc.
Date Record Created
20120214	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20120214)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)