Alpine: multiple asterisk packages: security update to 10.5.0-r0 (deprecated)

high Tenable Self-Hosted Container Security Plugin ID 401218

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- chan_skinny.c in the Skinny (aka SCCP) channel driver in Asterisk Open Source 10.x before 10.5.1 allows
remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by
sending a Station Key Pad Button message and closing a connection in off-hook mode, a related issue to
CVE-2012-2948. (CVE-2012-3553)

See Also

https://git.alpinelinux.org/aports/commit/?id=3d60d8a67fc98c0d9f1837fb8747e87e403291e7

https://git.alpinelinux.org/aports/commit/?id=61c2b9bc9c82ef7d1df86adaf0dc307ed8174f2f

Plugin Details

Severity: High

ID: 401218

Version: Revision 1.23

Type: Local

Published: 8/16/2023

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Low

Score: 3

Percentile: 23.18

CVSS v2

Risk Factor: Medium

Base Score: 4

Temporal Score: 3

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS Score Source: CVE-2012-3553

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Patch Publication Date: 6/15/2012

Vulnerability Publication Date: 6/14/2012

Reference Information

CVE: CVE-2012-3553

BID: 54017