Unrated severityNVD Advisory· Published Jan 25, 2012· Updated Apr 29, 2026
CVE-2012-0885
CVE-2012-0885
Description
chan_sip.c in Asterisk Open Source 1.8.x before 1.8.8.2 and 10.x before 10.0.1, when the res_srtp module is used and media support is improperly configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted SDP message with a crypto attribute and a (1) video or (2) text media type, as demonstrated by CSipSimple.
Affected products
59cpe:2.3:a:asterisk:open_source:10.0.0:*:*:*:*:*:*:*+ 58 more
- cpe:2.3:a:asterisk:open_source:10.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:10.0.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:10.0.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:10.0.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:10.0.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:10.0.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.0:beta5:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.0:rc4:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.0:rc5:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.2:rc1:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.3:rc1:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.3:rc2:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.3:rc3:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.4:rc1:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.4:rc2:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.4:rc3:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.5:rc1:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.6.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.6.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.6.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.7.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.7.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.8.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.8.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.8.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.8.0:rc4:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.8.0:rc5:*:*:*:*:*:*
- cpe:2.3:a:asterisk:open_source:1.8.8.1:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- downloads.asterisk.org/pub/security/AST-2012-001-1.8.diffnvdPatch
- downloads.asterisk.org/pub/security/AST-2012-001-10.diffnvdPatch
- issues.asterisk.org/jira/secure/attachment/42202/issueA19202_crypto_if_uninited_text_or_video.patchnvdExploit
- downloads.asterisk.org/pub/security/AST-2012-001.htmlnvdVendor Advisory
- www.openwall.com/lists/oss-security/2012/01/20/16nvd
- www.openwall.com/lists/oss-security/2012/01/20/18nvd
- bugzilla.redhat.com/show_bug.cginvd
- issues.asterisk.org/jira/browse/ASTERISK-19202nvd
News mentions
0No linked articles in our index yet.