Double free vulnerability in Asterisk Open Source versions 1.8.x and 10.x, Certified Asterisk versions 1.8.11-certx, and Asterisk Digiumphones versions 10.x.x-digiumphones allows remote authenticated users to cause a denial of service.

Double free vulnerability in Asterisk Open Source versions 1.8.x and 10.x, Certified Asterisk versions 1.8.11-certx, and Asterisk Digiumphones versions 10.x.x-digiumphones allows remote authenticated users to cause a denial of service.

CVE-2012-3812 · MEDIUM Severity

AV:N/AC:L/AU:S/C:N/I:N/A:P

Double free vulnerability in apps/app_voicemail.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones allows remote authenticated users to cause a denial of service (daemon crash) by establishing multiple voicemail sessions and accessing both the Urgent mailbox and the INBOX mailbox.

Learn more about our Open Source Audit.