CVE-2012-2416 [Medium] | Memory Corruption in Open Source

chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.11.1 and 10.x before 10.3.1 and Asterisk Business Edition C.3.x before C.3.7.4, when the trustrpid option is enabled, allows remote authenticated users to cause a denial of service (daemon crash) by sending a SIP UPDATE message that triggers a connected-line update attempt without an associated channel.

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-06-15	5.05%	2.19%	-2.86%
2	2025-03-30	6.04%	5.05%	-0.99%
3	2025-03-29	—	6.04%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2026-06-15

5.05%

2.19%

-2.86%

2025-03-30

6.04%

5.05%

-0.99%

2025-03-29

—

6.04%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
6.5	2.0	MEDIUM	`AV:N/AC:L/Au:S/C:P/I:P/A:P` Click to expand Access vector (AV:N) Can be exploited remotely over network reachability. Access complexity (AC:L) Exploitation conditions are straightforward and predictable. Authentication (AU:S) A single authentication is required. Confidentiality impact (C:P) Partial confidentiality impact. Integrity impact (I:P) Partial integrity impact. Availability impact (A:P) Partial availability impact.	8.0	6.4	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

6.5

2.0

MEDIUM

AV:N/AC:L/Au:S/C:P/I:P/A:P Click to expand

Access vector (AV:N): Can be exploited remotely over network reachability.
Access complexity (AC:L): Exploitation conditions are straightforward and predictable.
Authentication (AU:S): A single authentication is required.
Confidentiality impact (C:P): Partial confidentiality impact.
Integrity impact (I:P): Partial integrity impact.
Availability impact (A:P): Partial availability impact.

8.0

6.4

[email protected]

OS Trackers for CVE-2012-2416

vendor	priority	summary	link
`debian`	not yet assigned	CVE-2012-2416 not yet assigned priority: Debian including 1 source packages (asterisk), 2 status rows across 2 suites (bullseye, sid): resolved 2.	https://security-tracker.debian.org/tracker/CVE-2012-2416
`gentoo`	normal	CVE-2012-2416: 1 GLSA(s) (201206-05), 1 atom(s) (net-misc/asterisk); latest impact normal.	https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2012-2416
`ubuntu`	medium	CVE-2012-2416 medium priority: Ubuntu including 1 source packages (asterisk), 16 status rows across 16 suites (hardy, lucid, natty, oneiric, precise, quantal, raring, saucy, trusty, upstream, utopic, vivid, wily, xenial, yakkety, zesty): not-affected 9, ignored 5, DNE 1, needs-triage 1.	https://ubuntu.com/security/CVE-2012-2416

Affected software / configurations for CVE-2012-2416

Vendor	Product	Version	Raw CPE
asterisk	open_source	1.6.2.0	cpe:2.3:a:asterisk:open_source:1.6.2.0:::::::*
asterisk	open_source	1.6.2.0	cpe:2.3:a:asterisk:open_source:1.6.2.0:rc2::::::
asterisk	open_source	1.6.2.0	cpe:2.3:a:asterisk:open_source:1.6.2.0:rc3::::::
asterisk	open_source	1.6.2.0	cpe:2.3:a:asterisk:open_source:1.6.2.0:rc4::::::
asterisk	open_source	1.6.2.0	cpe:2.3:a:asterisk:open_source:1.6.2.0:rc5::::::
asterisk	open_source	1.6.2.0	cpe:2.3:a:asterisk:open_source:1.6.2.0:rc6::::::
asterisk	open_source	1.6.2.0	cpe:2.3:a:asterisk:open_source:1.6.2.0:rc7::::::
asterisk	open_source	1.6.2.0	cpe:2.3:a:asterisk:open_source:1.6.2.0:rc8::::::
asterisk	open_source	1.6.2.1	cpe:2.3:a:asterisk:open_source:1.6.2.1:::::::*
asterisk	open_source	1.6.2.1	cpe:2.3:a:asterisk:open_source:1.6.2.1:rc1::::::
asterisk	open_source	1.6.2.2	cpe:2.3:a:asterisk:open_source:1.6.2.2:::::::*
asterisk	open_source	1.6.2.3	cpe:2.3:a:asterisk:open_source:1.6.2.3:rc2::::::
asterisk	open_source	1.6.2.4	cpe:2.3:a:asterisk:open_source:1.6.2.4:::::::*
asterisk	open_source	1.6.2.5	cpe:2.3:a:asterisk:open_source:1.6.2.5:::::::*
asterisk	open_source	1.6.2.6	cpe:2.3:a:asterisk:open_source:1.6.2.6:::::::*
asterisk	open_source	1.6.2.6	cpe:2.3:a:asterisk:open_source:1.6.2.6:rc1::::::
asterisk	open_source	1.6.2.6	cpe:2.3:a:asterisk:open_source:1.6.2.6:rc2::::::
asterisk	open_source	1.6.2.7	cpe:2.3:a:asterisk:open_source:1.6.2.7:::::::*
asterisk	open_source	1.6.2.7	cpe:2.3:a:asterisk:open_source:1.6.2.7:rc1::::::
asterisk	open_source	1.6.2.7	cpe:2.3:a:asterisk:open_source:1.6.2.7:rc2::::::
asterisk	open_source	1.6.2.7	cpe:2.3:a:asterisk:open_source:1.6.2.7:rc3::::::
asterisk	open_source	1.6.2.8	cpe:2.3:a:asterisk:open_source:1.6.2.8:::::::*
asterisk	open_source	1.6.2.8	cpe:2.3:a:asterisk:open_source:1.6.2.8:rc1::::::
asterisk	open_source	1.6.2.9	cpe:2.3:a:asterisk:open_source:1.6.2.9:::::::*
asterisk	open_source	1.6.2.9	cpe:2.3:a:asterisk:open_source:1.6.2.9:rc1::::::
asterisk	open_source	1.6.2.9	cpe:2.3:a:asterisk:open_source:1.6.2.9:rc2::::::
asterisk	open_source	1.6.2.9	cpe:2.3:a:asterisk:open_source:1.6.2.9:rc3::::::
asterisk	open_source	1.6.2.10	cpe:2.3:a:asterisk:open_source:1.6.2.10:::::::*
asterisk	open_source	1.6.2.10	cpe:2.3:a:asterisk:open_source:1.6.2.10:rc1::::::
asterisk	open_source	1.6.2.10	cpe:2.3:a:asterisk:open_source:1.6.2.10:rc2::::::
asterisk	open_source	1.6.2.11	cpe:2.3:a:asterisk:open_source:1.6.2.11:::::::*
asterisk	open_source	1.6.2.11	cpe:2.3:a:asterisk:open_source:1.6.2.11:rc1::::::
asterisk	open_source	1.6.2.11	cpe:2.3:a:asterisk:open_source:1.6.2.11:rc2::::::
asterisk	open_source	1.6.2.12	cpe:2.3:a:asterisk:open_source:1.6.2.12:::::::*
asterisk	open_source	1.6.2.12	cpe:2.3:a:asterisk:open_source:1.6.2.12:rc1::::::
asterisk	open_source	1.6.2.13	cpe:2.3:a:asterisk:open_source:1.6.2.13:::::::*
asterisk	open_source	1.6.2.14	cpe:2.3:a:asterisk:open_source:1.6.2.14:::::::*
asterisk	open_source	1.6.2.14	cpe:2.3:a:asterisk:open_source:1.6.2.14:rc1::::::
asterisk	open_source	1.6.2.15	cpe:2.3:a:asterisk:open_source:1.6.2.15:::::::*
asterisk	open_source	1.6.2.15	cpe:2.3:a:asterisk:open_source:1.6.2.15:rc1::::::
asterisk	open_source	1.6.2.15.1	cpe:2.3:a:asterisk:open_source:1.6.2.15.1:::::::*
asterisk	open_source	1.6.2.16	cpe:2.3:a:asterisk:open_source:1.6.2.16:::::::*
asterisk	open_source	1.6.2.16	cpe:2.3:a:asterisk:open_source:1.6.2.16:rc1::::::
asterisk	open_source	1.6.2.16.1	cpe:2.3:a:asterisk:open_source:1.6.2.16.1:::::::*
asterisk	open_source	1.6.2.16.2	cpe:2.3:a:asterisk:open_source:1.6.2.16.2:::::::*
asterisk	open_source	1.6.2.17	cpe:2.3:a:asterisk:open_source:1.6.2.17:::::::*
asterisk	open_source	1.6.2.17	cpe:2.3:a:asterisk:open_source:1.6.2.17:rc1::::::
asterisk	open_source	1.6.2.17	cpe:2.3:a:asterisk:open_source:1.6.2.17:rc2::::::
asterisk	open_source	1.6.2.17	cpe:2.3:a:asterisk:open_source:1.6.2.17:rc3::::::
asterisk	open_source	1.6.2.17.1	cpe:2.3:a:asterisk:open_source:1.6.2.17.1:::::::*
asterisk	open_source	1.6.2.17.2	cpe:2.3:a:asterisk:open_source:1.6.2.17.2:::::::*
asterisk	open_source	1.6.2.17.3	cpe:2.3:a:asterisk:open_source:1.6.2.17.3:::::::*
asterisk	open_source	1.6.2.18	cpe:2.3:a:asterisk:open_source:1.6.2.18:::::::*
asterisk	open_source	1.6.2.18	cpe:2.3:a:asterisk:open_source:1.6.2.18:rc1::::::
asterisk	open_source	1.6.2.18.1	cpe:2.3:a:asterisk:open_source:1.6.2.18.1:::::::*
asterisk	open_source	1.6.2.18.2	cpe:2.3:a:asterisk:open_source:1.6.2.18.2:::::::*
asterisk	open_source	1.6.2.19	cpe:2.3:a:asterisk:open_source:1.6.2.19:::::::*
asterisk	open_source	1.6.2.19	cpe:2.3:a:asterisk:open_source:1.6.2.19:rc1::::::
asterisk	open_source	1.6.2.20	cpe:2.3:a:asterisk:open_source:1.6.2.20:::::::*
asterisk	open_source	1.6.2.21	cpe:2.3:a:asterisk:open_source:1.6.2.21:::::::*
asterisk	open_source	1.6.2.22	cpe:2.3:a:asterisk:open_source:1.6.2.22:::::::*
asterisk	open_source	1.6.2.23	cpe:2.3:a:asterisk:open_source:1.6.2.23:::::::*
asterisk	open_source	1.8.0	cpe:2.3:a:asterisk:open_source:1.8.0:::::::*
asterisk	open_source	1.8.0	cpe:2.3:a:asterisk:open_source:1.8.0:beta1::::::
asterisk	open_source	1.8.0	cpe:2.3:a:asterisk:open_source:1.8.0:beta2::::::
asterisk	open_source	1.8.0	cpe:2.3:a:asterisk:open_source:1.8.0:beta3::::::
asterisk	open_source	1.8.0	cpe:2.3:a:asterisk:open_source:1.8.0:beta4::::::
asterisk	open_source	1.8.0	cpe:2.3:a:asterisk:open_source:1.8.0:beta5::::::
asterisk	open_source	1.8.0	cpe:2.3:a:asterisk:open_source:1.8.0:rc2::::::
asterisk	open_source	1.8.0	cpe:2.3:a:asterisk:open_source:1.8.0:rc3::::::
asterisk	open_source	1.8.0	cpe:2.3:a:asterisk:open_source:1.8.0:rc4::::::
asterisk	open_source	1.8.0	cpe:2.3:a:asterisk:open_source:1.8.0:rc5::::::
asterisk	open_source	1.8.1	cpe:2.3:a:asterisk:open_source:1.8.1:::::::*
asterisk	open_source	1.8.1	cpe:2.3:a:asterisk:open_source:1.8.1:rc1::::::
asterisk	open_source	1.8.1.1	cpe:2.3:a:asterisk:open_source:1.8.1.1:::::::*
asterisk	open_source	1.8.1.2	cpe:2.3:a:asterisk:open_source:1.8.1.2:::::::*
asterisk	open_source	1.8.2	cpe:2.3:a:asterisk:open_source:1.8.2:::::::*
asterisk	open_source	1.8.2	cpe:2.3:a:asterisk:open_source:1.8.2:rc1::::::
asterisk	open_source	1.8.2.1	cpe:2.3:a:asterisk:open_source:1.8.2.1:::::::*
asterisk	open_source	1.8.2.2	cpe:2.3:a:asterisk:open_source:1.8.2.2:::::::*

References for CVE-2012-2416

URL	Tags
http://downloads.asterisk.org/pub/security/AST-2012-006.html	Patch Vendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079759.html
http://osvdb.org/81456
http://secunia.com/advisories/48891
http://www.securityfocus.com/bid/53205
http://www.securitytracker.com/id?1026963
https://exchange.xforce.ibmcloud.com/vulnerabilities/75101
https://issues.asterisk.org/jira/browse/ASTERISK-19770

URL

CVE-2012-2416

Exploit prediction scoring system (EPSS) score for CVE-2012-2416

Common vulnerability scoring system (CVSS) metrics for CVE-2012-2416

Weakness enumeration for CVE-2012-2416

OS Trackers for CVE-2012-2416

Affected software / configurations for CVE-2012-2416

References for CVE-2012-2416