1. Home
  2. CVE Database
  3. CVE-2012-0885
MEDIUM · 4.3

CVE-2012-0885

chan_sip.c in Asterisk Open Source 1.8.x before 1.8.8.2 and 10.x before 10.0.1, when the res_srtp module is used and media support is improperly configured, allows remote attackers to cause a denial o...

Vulnerability Description

chan_sip.c in Asterisk Open Source 1.8.x before 1.8.8.2 and 10.x before 10.0.1, when the res_srtp module is used and media support is improperly configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted SDP message with a crypto attribute and a (1) video or (2) text media type, as demonstrated by CSipSimple.

CVSS Score

4.3

MEDIUM

AV:N/AC:M/Au:N/C:N/I:N/A:P
Confidentiality
NONE
Integrity
NONE
Availability
PARTIAL

Affected Products

VendorProductVersions
AsteriskOpen Source1.8.0

References

FAQ

What is CVE-2012-0885?

CVE-2012-0885 is a vulnerability with a CVSS score of 4.3 (MEDIUM). chan_sip.c in Asterisk Open Source 1.8.x before 1.8.8.2 and 10.x before 10.0.1, when the res_srtp module is used and media support is improperly configured, allows remote attackers to cause a denial o...

How severe is CVE-2012-0885?

CVE-2012-0885 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2012-0885?

Check the references section above for vendor advisories and patch information. Affected products include: Asterisk Open Source.