CVE-2012-1184

Priority
Medium
Description
Stack-based buffer overflow in the ast_parse_digest function in
main/utils.c in Asterisk 1.8.x before 1.8.10.1 and 10.x before 10.2.1
allows remote attackers to cause a denial of service (crash) or possibly
execute arbitrary code via a long string in an HTTP Digest Authentication
header.
References
Bugs
Package
Upstream:released (1:1.8.10.0~dfsg-1)
Ubuntu 8.04 LTS (Hardy Heron):not-affected
Ubuntu 10.04 LTS (Lucid Lynx):not-affected
Ubuntu 11.10 (Oneiric Ocelot):ignored (reached end-of-life)
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (1:1.8.10.1~dfsg-1ubuntu1)
Ubuntu 12.10 (Quantal Quetzal):not-affected
Ubuntu 13.04 (Raring Ringtail):not-affected
Ubuntu 13.10 (Saucy Salamander):not-affected
More Information

Valid XHTML 1.0 Strict

Updated: 2013-05-09 15:18:06 UTC (commit 6824)