Denial of Service Vulnerability in Asterisk Open Source SIP Protocols
CVE-2012-0885

Currently unrated

Key Information:

Vendor: Asterisk
Status: Open Source
Vendor: CVE Published:; 25 January 2012

What is CVE-2012-0885?

A vulnerability exists in Asterisk Open Source, specifically in the chan_sip.c file used for SIP communications. When the res_srtp module is engaged and media support is misconfigured, remote attackers can exploit this flaw through specially crafted SDP messages that include crypto attributes for video or text media types. This can lead to a denial of service, causing the daemon to crash due to a NULL pointer dereference.

References

http://downloads.asterisk.org/pub/security/AST-2012-001-1...

x_refsource_CONFIRM

https://issues.asterisk.org/jira/browse/ASTERISK-19202

x_refsource_CONFIRM

http://downloads.asterisk.org/pub/security/AST-2012-001-1...

x_refsource_CONFIRM

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jan 25, 2012