Debian Asterisk vulnerabilities
185 known vulnerabilities affecting debian/asterisk.
Total CVEs: 185
CISA KEV: 0
Public exploits: 18
Exploited in wild: 0
Severity breakdown: CRITICAL 17, HIGH 46, MEDIUM 93, LOW 27
Vulnerabilities
Page 5 of 10
CVE-2008-7220 (2008) | P3 | LOW (summary tag: HIGH) | CVSS 7.5 | fixed in asterisk 1:1.6.2.0~rc3-1 (bullseye)
Unspecified vulnerability in Prototype JavaScript framework (prototypejs) before 1.6.0.2 allows attackers to make "cross-site ajax requests" via unknown vectors.
Scope: local
bullseye: resolved (fixed in 1:1.6.2.0~rc3-1)
sid: resolved (fixed in 1:1.6.2.0~rc3-1)
debian
CVE-2025-49832 (2025) | P3 | LOW (summary tag: MEDIUM) | CVSS 6.5 | fixed in asterisk 1:22.5.1~dfsg+~cs6.15.60671435-1 (sid)
Asterisk is an open source private branch exchange and telephony toolkit. In versions up to and including 18.26.2, between 20.00.0 and 20.15.0, 20.7-cert6, 21.00.0, 22.00.0 through 22.5.0, there is a remote DoS and possible RCE condition in `asterisk/res/res_stir_shaken/verification.c` that can be exploited when an attacker can set an arbitrary Identity header,
debian
CVE-2017-9358 (2017) | P3 | HIGH | CVSS 7.5 | fixed in asterisk 1:13.14.1~dfsg-2 (bullseye)
A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop).
Scope: local
bullseye: resolved (fixed in 1:13.14.1~df
debian
CVE-2007-1595 (2007) | P3 | LOW (summary tag: HIGH) | CVSS 7.5 | fixed in asterisk 1:1.4.0~dfsg-1 (bullseye)
The Asterisk Extension Language (AEL) in pbx/pbx_ael.c in Asterisk does not properly generate extensions, which allows remote attackers to execute arbitrary extensions and have an unknown impact by specifying an invalid extension in a certain form.
Scope: local
bullseye: resolved (fixed in 1:1.4.0~dfsg-1)
sid: resolved (fixed in 1:1.4.0~dfsg-1)
debian
CVE-2025-47779 (2025) | P3 | HIGH | CVSS 7.7 | fixed in asterisk 1:16.28.0~dfsg-0+deb11u7 (bullseye)
Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, SIP requests of the type MESSAGE (RFC 3428) authentication do not get proper alignment. An authenticated attacker can spoof any user identity to send spam messages to the user wit
debian
CVE-2011-1147 (2011) | P3 | MEDIUM | CVSS 6.8 | fixed in asterisk 1:1.8.3.3-1 (bullseye)
Multiple stack-based and heap-based buffer overflows in the (1) decode_open_type and (2) udptl_rx_packet functions in main/udptl.c in Asterisk Open Source 1.4.x before 1.4.39.2, 1.6.1.x before 1.6.1.22, 1.6.2.x before 1.6.2.16.2, and 1.8 before 1.8.2.4; Business Edition C.x.x before C.3.6.3; AsteriskNOW 1.5; and s800i (Asterisk Appliance), when T.38 support is enab
debian
CVE-2011-0495 (2011) | P3 | MEDIUM | CVSS 6.0 | fixed in asterisk 1:1.6.2.9-2+squeeze1 (bullseye)
Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary code via crafted caller ID data in vectors involving the (1) SIP cha
debian
CVE-2019-18790 (2019) | P3 | MEDIUM | CVSS 6.5 | fixed in asterisk 1:16.10.0~dfsg-1 (bullseye)
An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x before 13.29.2, 16.x before 16.6.2, and 17.x before 17.0.1, and Certified Asterisk 13.21 before cert5. A SIP request can be sent to Asterisk that can change a SIP peer's IP address. A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that needs to be known
debian
CVE-2009-2726 (2009) | P3 | HIGH | CVSS 7.8 | fixed in asterisk 1:1.6.2.0~dfsg~rc1-1 (bullseye)
The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, 1.4.x before 1.4.26.1, 1.6.0.x before 1.6.0.12, and 1.6.1.x before 1.6.1.4; Asterisk Business Edition A.x.x, B.x.x before B.2.5.9, C.2.x before C.2.4.1, and C.3.x before C.3.1; and Asterisk Appliance s800i 1.2.x before 1.3.0.3 does not use a maximum width when invoking sscanf style functions, which a
debian
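The sscanf() pattern named in the CVE-2009-2726 entry, as an added example that is not Asterisk's code: the unbounded `%[...]` conversion is shown as a comment, and a width-limited form beside it rejects an over-long user part instead of overrunning the buffer. The SIP URI shape, the 32-byte destination and the function names are assumptions for illustration.

```c
/* Added example, not Asterisk code: the unbounded sscanf() pattern that
 * CVE-2009-2726 describes, next to a width-limited form. The SIP URI
 * shape, buffer size and function names are assumptions. */
#include <stdio.h>
#include <string.h>

#define USER_SZ 32   /* assumed fixed-size destination, e.g. a peer-name field */

/* Vulnerable pattern (comment only; running it is undefined behaviour):
 * "%[^@]" has no maximum width, so a user part of 32 or more bytes
 * writes past the end of `user`.
 *
 *   char user[USER_SZ];
 *   sscanf(uri, "sip:%[^@]@", user);
 */

/* Hardened form. The width 31 (USER_SZ - 1) is part of the conversion,
 * so sscanf() stores at most 31 characters plus the terminating NUL.
 * "%n" records how many bytes were consumed; if the byte after the
 * user part is not '@', the user part was either malformed or longer
 * than the buffer allows, and the caller sees a clean failure instead
 * of a silently truncated name. Returns 1 on success, 0 otherwise. */
int parse_sip_user(const char *uri, char user[USER_SZ])
{
    int consumed = 0;

    user[0] = '\0';
    if (sscanf(uri, "sip:%31[^@]%n", user, &consumed) != 1)
        return 0;                 /* no "sip:" prefix or empty user part */
    if (uri[consumed] != '@')
        return 0;                 /* user part did not fit in 31 bytes */
    return 1;
}

/* Wrappers with static storage so results can be inspected without the
 * caller managing buffers. */
int sip_user_fits(const char *uri)
{
    char user[USER_SZ];
    return parse_sip_user(uri, user);
}

const char *sip_user_of(const char *uri)
{
    static char user[USER_SZ];
    return parse_sip_user(uri, user) ? user : "";
}

/* Constructed inputs: a normal URI, one whose user part is exactly 31
 * bytes (fits), and one with 40 bytes (would overflow the vulnerable
 * form, is rejected by the hardened one). */
const char URI_OK[]       = "sip:alice@example.com";
const char URI_31[]       = "sip:" "abcdefghijklmnopqrstuvwxyz" "01234" "@example.com";
const char URI_OVERLONG[] = "sip:" "aaaaaaaaaa" "aaaaaaaaaa" "aaaaaaaaaa" "aaaaaaaaaa" "@example.com";

int main(void)
{
    printf("%s -> %s\n", URI_OK, sip_user_fits(URI_OK) ? sip_user_of(URI_OK) : "rejected");
    printf("%s -> %s\n", URI_31, sip_user_fits(URI_31) ? sip_user_of(URI_31) : "rejected");
    printf("%s -> %s\n", URI_OVERLONG, sip_user_fits(URI_OVERLONG) ? "accepted" : "rejected");
    return 0;
}
```

The width has to be a literal in the format string, so it is easy for it to drift away from the buffer size during refactoring; keeping the two side by side (or generating the format with a macro) is the practical guard. The `%n` check matters because a bounded `%31[^@]` on its own silently truncates and reports success, which can turn a crash into an authorization bypass when the truncated value is later compared against a peer name.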
CVE-2022-37325 (2022) | P3 | HIGH | CVSS 7.5 | fixed in asterisk 1:16.28.0~dfsg-0+deb11u2 (bullseye)
In Sangoma Asterisk through 16.28.0, 17.x and 18.x through 18.14.0, and 19.x through 19.6.0, an incoming Setup message to addons/ooh323c/src/ooq931.c with a malformed Calling or Called Party IE can cause a crash.
Scope: local
bullseye: resolved (fixed in 1:16.28.0~dfsg-0+deb11u2)
sid: resolved (fixed in 1:20.0.1~dfsg+~cs6.12.40431414-1)
debian
CVE-2006-4346 (2006) | P3 | MEDIUM (summary tag: HIGH) | CVSS 7.5 | fixed in asterisk 1:1.2.11.dfsg-1 (bullseye)
Asterisk 1.2.10 supports the use of client-controlled variables to determine filenames in the Record function, which allows remote attackers to (1) execute code via format string specifiers or (2) overwrite files via directory traversals involving unspecified vectors, as demonstrated by the CALLERIDNAME variable.
Scope: local
bullseye: resolved (fixed in 1:1.2.11.dfs
debian
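Both halves of the CVE-2006-4346 entry, caller-controlled data used as a format string and as a path component, as an added example that is not Asterisk's code: an allow-list check on the channel variable and a path builder that only ever passes it as a `%s` argument. The base directory, the 64-byte limit and the function names are assumptions for illustration.

```c
/* Added example, not Asterisk code: validating a caller-controlled
 * channel variable before it becomes part of a recording file name,
 * covering both halves of CVE-2006-4346 (format-string specifiers and
 * directory traversal). RECORD_DIR, the length limit and the function
 * names are assumptions. */
#include <stdio.h>
#include <string.h>
#include <ctype.h>

#define RECORD_DIR "/var/spool/asterisk/monitor"

/* Vulnerable call shape (comment only; running it is undefined
 * behaviour): the caller-supplied value is used *as* the format string,
 * so "%n" in CALLERIDNAME writes memory and "../" escapes RECORD_DIR.
 *
 *   snprintf(path, sizeof path, calleridname);
 */

/* Strict allow-list: non-empty, at most 64 bytes, only [A-Za-z0-9_-].
 * That rules out '/', '\\', '.', '%' and whitespace in one go, so
 * neither traversal nor conversion specifiers can survive. Loosen it
 * deliberately if the deployment needs more characters. */
int safe_record_component(const char *name)
{
    size_t len;

    if (name == NULL || name[0] == '\0')
        return 0;
    len = strlen(name);
    if (len > 64)
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (!(isalnum(c) || c == '_' || c == '-'))
            return 0;
    }
    return 1;
}

/* Builds RECORD_DIR "/" name ".wav". The untrusted value is always a
 * "%s" argument, never the format, and the result must fit. Returns 1
 * on success, 0 if the name is rejected or the path would not fit. */
int build_record_path(const char *calleridname, char *out, size_t out_sz)
{
    int n;

    if (!safe_record_component(calleridname))
        return 0;
    n = snprintf(out, out_sz, "%s/%s.wav", RECORD_DIR, calleridname);
    return n > 0 && (size_t)n < out_sz;
}

/* Wrappers with static storage so callers can check results directly. */
int record_path_accepted(const char *calleridname)
{
    char path[256];
    return build_record_path(calleridname, path, sizeof path);
}

const char *record_path_for(const char *calleridname)
{
    static char path[256];
    return build_record_path(calleridname, path, sizeof path) ? path : "";
}

int main(void)
{
    /* Constructed sample values a caller could place in CALLERIDNAME. */
    const char *samples[] = { "alice", "../../etc/passwd", "%n%n%n%n", "bob smith" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-20s -> %s\n", samples[i],
               record_path_accepted(samples[i]) ? record_path_for(samples[i]) : "rejected");
    return 0;
}
```

An allow-list is preferable to stripping `..` and `%` because a deny-list has to anticipate every encoding the file system or the formatting routine will accept; the allow-list only has to describe the handful of characters a recording name legitimately needs.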
CVE-2021-46837 (2021) | P3 | MEDIUM | CVSS 6.5 | fixed in asterisk 1:16.28.0~dfsg-0+deb11u1 (bullseye)
res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. This is a re-occurrence of the CVE-2019-15297 symptoms but not for exactly the same reas
debian
CVE-2026-23739 (2026) | P3 | LOW | CVSS 2.0 | fixed in asterisk 1:16.28.0~dfsg-0+deb11u9 (bullseye)
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the ast_xml_open() function in xml.c parses XML documents using libxml with unsafe parsing options that enable entity expansion and XInclude processing. Specifically, it invokes xmlReadFile() with the XML_PARSE_NOENT flag and
debian
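The parse-option problem in the CVE-2026-23739 entry, as an added example that is not Asterisk's or libxml2's code: an audit of a libxml2 option word for the flags that enable entity expansion, external DTD loading and XInclude, plus a pre-parse screen for documents that declare entities or use XInclude. The flag values are those of libxml2's `xmlParserOption` enum in parser.h; the sample documents and the function names are constructed assumptions.

```c
/* Added example, not Asterisk or libxml2 code: auditing libxml2 parse
 * options and pre-screening a document for the constructs behind
 * CVE-2026-23739 (entity expansion and XInclude). The flag values are
 * those of libxml2's xmlParserOption enum (parser.h); the sample
 * documents and function names are constructed for illustration. */
#include <stdio.h>
#include <string.h>

#define XML_PARSE_NOENT    (1 << 1)   /* substitute entities */
#define XML_PARSE_DTDLOAD  (1 << 2)   /* load the external subset */
#define XML_PARSE_XINCLUDE (1 << 10)  /* implement XInclude substitution */
#define XML_PARSE_NONET    (1 << 11)  /* forbid network access */

/* Vulnerable call shape (comment only, needs libxml2 to compile):
 *   doc = xmlReadFile(path, NULL, XML_PARSE_NOENT | XML_PARSE_XINCLUDE);
 * Hardened call shape:
 *   doc = xmlReadFile(path, NULL, XML_PARSE_NONET);
 */

/* Returns 1 if the option word neither expands entities, nor loads the
 * external DTD subset, nor processes XInclude, and does forbid network
 * fetches; 0 otherwise. */
int xml_parse_options_safe(int options)
{
    if (options & (XML_PARSE_NOENT | XML_PARSE_DTDLOAD | XML_PARSE_XINCLUDE))
        return 0;
    return (options & XML_PARSE_NONET) != 0;
}

/* Defence in depth for a parser you cannot reconfigure: reject input
 * that carries a DOCTYPE (where ENTITY declarations live) or the
 * XInclude namespace before it reaches the parser. XML keywords and
 * namespace URIs are case-sensitive, so a plain substring search over
 * the decoded text is enough; a false positive only rejects a document
 * that had no business containing them. */
int xml_doc_is_plain(const char *doc)
{
    return strstr(doc, "<!DOCTYPE") == NULL
        && strstr(doc, "<!ENTITY") == NULL
        && strstr(doc, "http://www.w3.org/2001/XInclude") == NULL;
}

/* Constructed samples: a harmless config, a classic external-entity
 * document, and an XInclude that pulls a local file in as text. */
const char SAFE_DOC[] = "<config><item>1</item></config>";
const char XXE_DOC[] =
    "<!DOCTYPE x [<!ENTITY e SYSTEM \"file:///etc/passwd\">]><config>&e;</config>";
const char XINCLUDE_DOC[] =
    "<config xmlns:xi=\"http://www.w3.org/2001/XInclude\">"
    "<xi:include href=\"/etc/passwd\" parse=\"text\"/></config>";

int main(void)
{
    printf("NOENT|XINCLUDE safe? %d\n", xml_parse_options_safe(XML_PARSE_NOENT | XML_PARSE_XINCLUDE));
    printf("NONET only safe?     %d\n", xml_parse_options_safe(XML_PARSE_NONET));
    printf("safe doc plain?      %d\n", xml_doc_is_plain(SAFE_DOC));
    printf("XXE doc plain?       %d\n", xml_doc_is_plain(XXE_DOC));
    printf("XInclude doc plain?  %d\n", xml_doc_is_plain(XINCLUDE_DOC));
    return 0;
}
```

The substring screen assumes the document has already been decoded to the byte form the parser will see; a UTF-16 or otherwise re-encoded input would slip past a byte search, so the screen complements the option audit rather than replacing it.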
CVE-2006-2898 (2006) | P3 | HIGH | CVSS 7.5 | fixed in asterisk 1:1.2.10.dfsg-2 (bullseye)
The IAX2 channel driver (chan_iax2) for Asterisk 1.2.x before 1.2.9 and 1.0.x before 1.0.11 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via truncated IAX 2 (IAX2) video frames, which bypasses a length check and leads to a buffer overflow involving negative length check. NOTE: the vendor advisory claims that only a DoS is po
debian
CVE-2013-7100 (2013) | P4 | MEDIUM | CVSS 5.0 | fixed in asterisk 1:11.7.0~dfsg-1 (bullseye)
Buffer overflow in the unpacksms16 function in apps/app_sms.c in Asterisk Open Source 1.8.x before 1.8.24.1, 10.x before 10.12.4, and 11.x before 11.6.1; Asterisk with Digiumphones 10.x-digiumphones before 10.12.4-digiumphones; and Certified Asterisk 1.8.x before 1.8.15-cert4 and 11.x before 11.2-cert3 allows remote attackers to cause a denial of service (daemon cr
debian
CVE-2020-35776 (2020) | P3 | MEDIUM | CVSS 6.5 | fixed in asterisk 1:16.16.1~dfsg-1 (bullseye)
A buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk versions 13.38.1, 16.15.1, 17.9.1, and 18.1.1 allows remote attacker to crash Asterisk by deliberately misusing SIP 181 responses.
Scope: local
bullseye: resolved (fixed in 1:16.16.1~dfsg-1)
sid: resolved (fixed in 1:16.16.1~dfsg-1)
debian
CVE-2023-49786 (2023) | P4 | HIGH | CVSS 7.5 | fixed in asterisk 1:16.28.0~dfsg-0+deb11u4 (bullseye)
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuousl
debian
CVE-2020-28242 (2020) | P3 | MEDIUM | CVSS 6.5 | fixed in asterisk 1:16.15.0~dfsg-1 (bullseye)
An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Certified Asterisk before 16.8-cert5. If Asterisk is challenged on an outbound INVITE and the nonce is changed in each response, Asterisk will continually send INVITEs in a loop. This causes Asterisk to consume more and more mem
debian
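The challenge loop in the CVE-2020-28242 entry, as an added example that is not Asterisk's code: a constructed far end that answers every INVITE with a fresh nonce, and an outbound INVITE routine that caps how many 401 challenges it will answer before giving up. The cap value, the peer model and all names are assumptions for illustration.

```c
/* Added example, not Asterisk code: putting a ceiling on how many
 * authentication challenges an outbound INVITE will answer, the
 * condition CVE-2020-28242 describes. The peer below is a constructed
 * stand-in for the far end; MAX_AUTH_CHALLENGES and all names are
 * assumptions. */
#include <stdio.h>

#define MAX_AUTH_CHALLENGES 2   /* policy: answer at most two 401s per INVITE transaction */

typedef struct {
    int always_challenge;   /* 1: reply 401 with a fresh nonce to every INVITE (the attack) */
    int nonces_issued;      /* used to mint a distinct nonce each time */
} peer_t;

/* Simulated far end. A cooperative peer returns 200 once it sees any
 * credentials; a hostile one rejects every request with a new nonce,
 * which a client without a cap reads as "please try again" forever. */
int peer_handle_invite(peer_t *peer, const char *auth_nonce, char *nonce, size_t nonce_sz)
{
    if (auth_nonce != NULL && !peer->always_challenge)
        return 200;
    peer->nonces_issued++;
    snprintf(nonce, nonce_sz, "nonce-%d", peer->nonces_issued);
    return 401;
}

/* Sends an INVITE, re-sending with credentials on each 401 but only up
 * to max_challenges times. Returns the final status (200 or 401) and
 * stores the number of INVITEs sent in *attempts. Without the cap the
 * loop below is the vulnerable behaviour: every new nonce is treated as
 * a fresh, answerable challenge, so a hostile peer keeps it running and
 * each iteration allocates a new transaction. */
int send_invite(peer_t *peer, int max_challenges, int *attempts)
{
    char nonce[32];
    const char *auth = NULL;
    int challenges = 0;

    *attempts = 0;
    for (;;) {
        int status;

        (*attempts)++;
        status = peer_handle_invite(peer, auth, nonce, sizeof nonce);
        if (status != 401)
            return status;
        if (++challenges > max_challenges)
            return 401;            /* give up: the peer is not converging */
        auth = nonce;              /* answer this challenge with the new nonce */
    }
}

/* Helpers that run one full transaction against each kind of peer. */
int hostile_peer_invites_sent(int max_challenges)
{
    peer_t peer = { 1, 0 };
    int attempts;
    send_invite(&peer, max_challenges, &attempts);
    return attempts;
}

int hostile_peer_final_status(int max_challenges)
{
    peer_t peer = { 1, 0 };
    int attempts;
    return send_invite(&peer, max_challenges, &attempts);
}

int cooperative_peer_final_status(void)
{
    peer_t peer = { 0, 0 };
    int attempts;
    return send_invite(&peer, MAX_AUTH_CHALLENGES, &attempts);
}

int cooperative_peer_invites_sent(void)
{
    peer_t peer = { 0, 0 };
    int attempts;
    send_invite(&peer, MAX_AUTH_CHALLENGES, &attempts);
    return attempts;
}

int main(void)
{
    printf("cooperative peer: status %d after %d INVITE(s)\n",
           cooperative_peer_final_status(), cooperative_peer_invites_sent());
    printf("hostile peer, cap %d: status %d after %d INVITE(s)\n",
           MAX_AUTH_CHALLENGES, hostile_peer_final_status(MAX_AUTH_CHALLENGES),
           hostile_peer_invites_sent(MAX_AUTH_CHALLENGES));
    return 0;
}
```

A real stack also has to honour the `stale=true` case, where one further retry with the new nonce is legitimate; the point of the cap is that the retry path terminates regardless of what the far end sends, so a nonce that changes on every response cannot be turned into a memory-exhaustion loop.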
CVE-2025-54995 (2025) | P3 | MEDIUM | CVSS 6.5 | fixed in asterisk 1:16.28.0~dfsg-0+deb11u8 (bullseye)
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 18.26.4 and 18.9-cert17, RTP UDP ports and internal resources can leak due to a lack of session termination. This could result in leaks and resource exhaustion. This issue has been patched in versions 18.26.4 and 18.9-cert17.
Scope: local
bullseye: resolved (fixed in 1:16.
debian
CVE-2019-7251 (2019) | P3 | MEDIUM | CVSS 6.5 | fixed in asterisk 1:16.2.1~dfsg-1 (bullseye)
An Integer Signedness issue (for a return code) in the res_pjsip_sdp_rtp module in Digium Asterisk versions 15.7.1 and earlier and 16.1.1 and earlier allows remote authenticated users to crash Asterisk via a specially crafted SDP protocol violation.
Scope: local
bullseye: resolved (fixed in 1:16.2.1~dfsg-1)
sid: resolved (fixed in 1:16.2.1~dfsg-1)
debian