CVE-2012-2415

medium

Published 2012-04-30 · Modified 2026-04-29

CVSS v3

—

CVSS v2

6.5

VIR risk

6.5

Description

Heap-based buffer overflow in chan_skinny.c in the Skinny channel driver in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 allows remote authenticated users to cause a denial of service or possibly have unspecified other impact via a series of KEYPAD_BUTTON_MESSAGE events.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://downloads.asterisk.org/pub/security/AST-2012-005.html

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2012-2415

OS impact

OS	Version	Status	Fixed in
debian	bullseye	fixed	`1:1.8.11.1~dfsg-1`
debian	sid	fixed	`1:1.8.11.1~dfsg-1`

Application impact

Vendor	Product	Versions
asterisk	open_source	`1.6.2.0`
asterisk	open_source	`1.6.2.1`
asterisk	open_source	`1.6.2.2`
asterisk	open_source	`1.6.2.3`
asterisk	open_source	`1.6.2.4`
asterisk	open_source	`1.6.2.5`
asterisk	open_source	`1.6.2.6`
asterisk	open_source	`1.6.2.7`
asterisk	open_source	`1.6.2.8`
asterisk	open_source	`1.6.2.9`
asterisk	open_source	`1.6.2.10`
asterisk	open_source	`1.6.2.11`
asterisk	open_source	`1.6.2.12`
asterisk	open_source	`1.6.2.13`
asterisk	open_source	`1.6.2.14`
asterisk	open_source	`1.6.2.15`
asterisk	open_source	`1.6.2.15.1`
asterisk	open_source	`1.6.2.16`
asterisk	open_source	`1.6.2.16.1`
asterisk	open_source	`1.6.2.16.2`
asterisk	open_source	`1.6.2.17`
asterisk	open_source	`1.6.2.17.1`
asterisk	open_source	`1.6.2.17.2`
asterisk	open_source	`1.6.2.17.3`
asterisk	open_source	`1.6.2.18`
asterisk	open_source	`1.6.2.18.1`
asterisk	open_source	`1.6.2.18.2`
asterisk	open_source	`1.6.2.19`
asterisk	open_source	`1.6.2.20`
asterisk	open_source	`1.6.2.21`
asterisk	open_source	`1.6.2.22`
asterisk	open_source	`1.6.2.23`
asterisk	open_source	`1.8.0`
asterisk	open_source	`1.8.1`
asterisk	open_source	`1.8.1.1`
asterisk	open_source	`1.8.1.2`
asterisk	open_source	`1.8.2`
asterisk	open_source	`1.8.2.1`
asterisk	open_source	`1.8.2.2`
asterisk	open_source	`1.8.2.3`
asterisk	open_source	`1.8.2.4`
asterisk	open_source	`1.8.3`
asterisk	open_source	`1.8.3.1`
asterisk	open_source	`1.8.3.2`
asterisk	open_source	`1.8.3.3`
asterisk	open_source	`1.8.4`
asterisk	open_source	`1.8.4.1`
asterisk	open_source	`1.8.4.2`
asterisk	open_source	`1.8.4.3`
asterisk	open_source	`1.8.4.4`
asterisk	open_source	`1.8.5`
asterisk	open_source	`1.8.5.0`
asterisk	open_source	`1.8.6.0`
asterisk	open_source	`1.8.7.0`
asterisk	open_source	`1.8.7.1`
asterisk	open_source	`1.8.7.2`
asterisk	open_source	`1.8.8.0`
asterisk	open_source	`1.8.8.1`
asterisk	open_source	`1.8.8.2`
asterisk	open_source	`1.8.9.0`
asterisk	open_source	`1.8.9.1`
asterisk	open_source	`1.8.9.2`
asterisk	open_source	`1.8.9.3`
asterisk	open_source	`1.8.10.0`
asterisk	open_source	`1.8.10.1`
asterisk	open_source	`1.8.11.0`
asterisk	open_source	`10.0.0`
asterisk	open_source	`10.0.1`
asterisk	open_source	`10.1.0`
asterisk	open_source	`10.1.1`
asterisk	open_source	`10.1.2`
asterisk	open_source	`10.1.3`
asterisk	open_source	`10.2.0`
asterisk	open_source	`10.2.1`
asterisk	open_source	`10.3.0`

References

CWEs

CWE-119

Verify integrity in audit chain (admin only). AS-IS.