Debian Asterisk vulnerabilities
204 known vulnerabilities affecting debian/asterisk.
Total CVEs: 204
CISA KEV: 0
Public exploits: 18
Exploited in wild: 0
Severity breakdown: CRITICAL 17, HIGH 46, MEDIUM 93, LOW 46
Vulnerabilities
Page 1 of 11
CVE-2026-23738 | Severity: LOW | CVSS 3.5 | Fixed in: asterisk 1:16.28.0~dfsg-0+deb11u9 (bullseye) | Year: 2026
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, user supplied/control values for Cookies and any GET variable query Parameter are directly interpolated into the HTML of the page using ast_str_append. The endpoint at GET /httpstatus is the potential vulnerable endpoint relat
CVE-2026-23739 | Severity: LOW | CVSS 2.0 | Fixed in: asterisk 1:16.28.0~dfsg-0+deb11u9 (bullseye) | Year: 2026
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the ast_xml_open() function in xml.c parses XML documents using libxml with unsafe parsing options that enable entity expansion and XInclude processing. Specifically, it invokes xmlReadFile() with the XML_PARSE_NOENT flag and
CVE-2026-23740 | Severity: UNKNOWN (tagged [NONE]) | CVSS 7.8 | Fixed in: asterisk 1:16.28.0~dfsg-0+deb11u9 (bullseye) | Year: 2026
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, when ast_coredumper writes its gdb init and output files to a directory that is world-writable (for example /tmp), an attacker with write permission (which is all users on a Linux system) to that directory can cause root to ex
CVE-2026-23741 | Severity: UNKNOWN (tagged [NONE]) | CVSS 8.8 | Fixed in: asterisk 1:16.28.0~dfsg-0+deb11u9 (bullseye) | Year: 2026
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the asterisk/contrib/scripts/ast_coredumper runs as root, as noted by the NOTES tag on line 689 of the ast_coredumper file. The script will source the contents of /etc/asterisk/ast_debug_tools.conf, which resides in a folder
CVE-2025-1131 | Severity: HIGH | CVSS 7.0 | Fixed in: asterisk 1:16.28.0~dfsg-0+deb11u8 (bullseye) | Year: 2025
A local privilege escalation vulnerability exists in the safe_asterisk script included with the Asterisk toolkit package. When Asterisk is started via this script (common in SysV init or FreePBX environments), it sources all .sh files located in /etc/asterisk/startup.d/ as root, without validating ownership or permissions. Non-root users with legitimate write access
CVE-2025-47779 | Severity: HIGH | CVSS 7.7 | Fixed in: asterisk 1:16.28.0~dfsg-0+deb11u7 (bullseye) | Year: 2025
Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, SIP requests of the type MESSAGE (RFC 3428) authentication do not get proper alignment. An authenticated attacker can spoof any user identity to send spam messages to the user wit
CVE-2025-54995 | Severity: MEDIUM | CVSS 6.5 | Fixed in: asterisk 1:16.28.0~dfsg-0+deb11u8 (bullseye) | Year: 2025
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 18.26.4 and 18.9-cert17, RTP UDP ports and internal resources can leak due to a lack of session termination. This could result in leaks and resource exhaustion. This issue has been patched in versions 18.26.4 and 18.9-cert17.
Scope: local
bullseye: resolved (fixed in 1:16.
CVE-2025-47780 | Severity: MEDIUM | CVSS 4.8 | Fixed in: asterisk 1:16.28.0~dfsg-0+deb11u7 (bullseye) | Year: 2025
Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, trying to disallow shell commands to be run via the Asterisk command line interface (CLI) by configuring `cli_permissions.conf` (e.g. with the config line `deny=!*`) does not wo
CVE-2025-57767 | Severity: LOW (tagged [HIGH]) | CVSS 7.5 | Fixed in: asterisk 1:22.5.2~dfsg+~cs6.15.60671435-1 (sid) | Year: 2025
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.15.2, 21.10.2, and 22.5.2, if a SIP request is received with an Authorization header that contains a realm that wasn't in a previous 401 response's WWW-Authenticate header, or an Authorization header with an incorrect realm was received without a previous 401 response bei
CVE-2025-49832 | Severity: LOW (tagged [MEDIUM]) | CVSS 6.5 | Fixed in: asterisk 1:22.5.1~dfsg+~cs6.15.60671435-1 (sid) | Year: 2025
Asterisk is an open source private branch exchange and telephony toolkit. In versions up to and including 18.26.2, between 20.00.0 and 20.15.0, 20.7-cert6, 21.00.0, 22.00.0 through 22.5.0, there is a remote DoS and possible RCE condition in `asterisk/res/res_stir_shaken/verification.c` that can be exploited when an attacker can set an arbitrary Identity header,
CVE-2024-42365 | Severity: HIGH | CVSS 7.4 | Public exploit: PoC | Fixed in: asterisk 1:16.28.0~dfsg-0+deb11u5 (bullseye) | Year: 2024
Asterisk is an open source private branch exchange (PBX) and telephony toolkit. Prior to asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2, an AMI user with `write=originate` may change all configuration files in the `/etc/asterisk/` directory. This occurs because they are able to curl remote files and write th
CVE-2024-53566 | Severity: MEDIUM | CVSS 5.5 | Fixed in: asterisk 1:16.28.0~dfsg-0+deb11u6 (bullseye) | Year: 2024
An issue in the action_listcategories() function of Sangoma Asterisk v22/22.0.0/22.0.0-rc1/22.0.0-rc2/22.0.0-pre1 allows attackers to execute a path traversal.
Scope: local
bullseye: resolved (fixed in 1:16.28.0~dfsg-0+deb11u6)
sid: resolved (fixed in 1:22.1.1~dfsg+~cs6.14.60671435-1)
CVE-2024-42491 | Severity: MEDIUM | CVSS 5.7 | Fixed in: asterisk 1:16.28.0~dfsg-0+deb11u5 (bullseye) | Year: 2024
Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.24.3, 20.9.3, and 21.4.3 of Asterisk and versions 18.9-cert12 and 20.7-cert2 of certified-asterisk, if Asterisk attempts to send a SIP request to a URI whose host portion starts with `.1` or `[.1]`, and res_resolver_unbound is loaded, Asterisk will crash with a SEGV. To receive a patch
CVE-2024-57520 | Severity: LOW (tagged [CRITICAL]) | CVSS 9.8 | Fixed in: asterisk 1:22.3.0~dfsg+~cs6.15.60671435-1 (sid) | Year: 2024
Insecure Permissions vulnerability in asterisk v22 allows a remote attacker to execute arbitrary code via the action_createconfig function. NOTE: this is disputed by the Supplier because the impact is limited to creating empty files outside of the Asterisk product directory (aka directory traversal) and the attack can only be performed by a privileged user who
CVE-2024-35190 | Severity: LOW (tagged [MEDIUM]) | CVSS 5.8 | Year: 2024
Asterisk is an open source private branch exchange and telephony toolkit. After upgrade to 18.23.0, ALL unauthorized SIP requests are identified as PJSIP Endpoint of local asterisk server. This vulnerability is fixed in 18.23.1, 20.8.1, and 21.3.1.
Scope: local
bullseye: resolved
sid: resolved
CVE-2023-38703 | Severity: CRITICAL | CVSS 9.8 | Fixed in: asterisk 1:16.28.0~dfsg-0+deb11u4 (bullseye) | Year: 2023
PJSIP is a free and open source multimedia communication library written in C with high level API in C, C++, Java, C#, and Python languages. SRTP is a higher level media transport which is stacked upon a lower level media transport such as UDP and ICE. Currently a higher level transport is not synchronized with its lower level transport that may introduce use-a
CVE-2023-27585 | Severity: HIGH | CVSS 7.5 | Fixed in: asterisk 1:16.28.0~dfsg-0+deb11u3 (bullseye) | Year: 2023
PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.13 and prior affects applications that use PJSIP DNS resolver. It doesn't affect PJSIP users who do not utilise PJSIP DNS resolver. This vulnerability is related to CVE-2022-24793. The difference is that this issue is in parsing the query rec
CVE-2023-49786 | Severity: HIGH | CVSS 7.5 | Fixed in: asterisk 1:16.28.0~dfsg-0+deb11u4 (bullseye) | Year: 2023
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuousl
CVE-2023-37457 | Severity: HIGH | CVSS 7.5 | Fixed in: asterisk 1:16.28.0~dfsg-0+deb11u4 (bullseye) | Year: 2023
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as certified-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrit
CVE-2023-49294 | Severity: MEDIUM | CVSS 4.9 | Public exploit: PoC | Fixed in: asterisk 1:16.28.0~dfsg-0+deb11u4 (bullseye) | Year: 2023
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as