Digium Asterisk vulnerabilities
114 known vulnerabilities affecting digium/asterisk.
Total CVEs
114
CISA KEV
0
Public exploits
8
Exploited in wild
0
Severity breakdown
CRITICAL5HIGH37MEDIUM67LOW5
Vulnerabilities
Page 2 of 6
CVE-2017-16671P3HIGHCVSS 8.8≥ 13.0.0, < 13.18.1≥ 14.0.0, < 14.7.1+1 more2017-11-09
CVE-2017-16671 [HIGH] CWE-119 CVE-2017-16671: A Buffer Overflow issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1,
A Buffer Overflow issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. No size checking is done when setting the user field for Party B on a CDR. Thus, it is possible for someone to use an arbitrarily large string and write past the end of the user field
nvdosv
CVE-2017-17664P3MEDIUMCVSS 5.9≥ 13.0.0, < 13.18.4≥ 14.0.0, < 14.7.4+1 more2017-12-13
CVE-2017-17664 [MEDIUM] CWE-119 CVE-2017-17664: A Remote Crash issue was discovered in Asterisk Open Source 13.x before 13.18.4, 14.x before 14.7.4,
A Remote Crash issue was discovered in Asterisk Open Source 13.x before 13.18.4, 14.x before 14.7.4, and 15.x before 15.1.4 and Certified Asterisk before 13.13-cert9. Certain compound RTCP packets cause a crash in the RTCP Stack.
nvdosv
CVE-2021-26712P3HIGHCVSS 7.5≥ 13.0.0, ≤ 13.38.2≥ 16.0.0, < 16.16.1+2 more2021-02-18
CVE-2021-26712 [HIGH] CVE-2021-26712: Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and
Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated attacker to prematurely terminate secure calls by replaying SRTP packets.
nvdosv
CVE-2021-32558P3HIGHCVSS 7.5≥ 13.0.0, < 13.38.3≥ 16.0.0, < 16.19.1+2 more2021-07-30
CVE-2021-32558 [HIGH] CWE-74 CVE-2021-32558: An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17
An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and Certified Asterisk before 16.8-cert10. If the IAX2 channel driver receives a packet that contains an unsupported media format, a crash can occur.
nvdosv
CVE-2015-3008P3MEDIUMCVSS 4.3v1.8.0v1.8.1+93 more2015-04-10
CVE-2015-3008 [MEDIUM] CWE-310 CVE-2015-3008: Asterisk Open Source 1.8 before 1.8.32.3, 11.x before 11.17.1, 12.x before 12.8.2, and 13.x before 1
Asterisk Open Source 1.8 before 1.8.32.3, 11.x before 11.17.1, 12.x before 12.8.2, and 13.x before 13.3.2 and Certified Asterisk 1.8.28 before 1.8.28-cert5, 11.6 before 11.6-cert11, and 13.1 before 13.1-cert2, when registering a SIP TLS device, does not properly handle a null byte in a domain name in the subject's Common Name (CN) field of an X.509 ce
nvdosv
CVE-2014-8418P3CRITICALCVSS 9.0≥ 1.8.0, ≤ 1.8.32.0≥ 11.0.0, < 11.14.1+1 more2014-11-24
CVE-2014-8418 [CRITICAL] CWE-264 CVE-2014-8418: The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, 11.x before 11.1.4.1, 12.x bef
The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, 11.x before 11.1.4.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8 before 1.8.28-cert8 and 11.6 before 11.6-cert8 allows remote authenticated users to gain privileges via a call from an external protocol, as demonstrated by the AMI protocol.
nvdosv
CVE-2006-4345P3HIGHCVSS 7.5v1.0.0v1.0.1+18 more2006-08-24
CVE-2006-4345 [HIGH] CVE-2006-4345: Stack-based buffer overflow in channels/chan_mgcp.c in MGCP in Asterisk 1.0 through 1.2.10 allows re
Stack-based buffer overflow in channels/chan_mgcp.c in MGCP in Asterisk 1.0 through 1.2.10 allows remote attackers to execute arbitrary code via a crafted audit endpoint (AUEP) response.
nvdosv
CVE-2017-14099P3HIGHCVSS 7.5v13.0.0v13.0.1+99 more2017-09-02
CVE-2017-14099 [HIGH] CWE-200 CVE-2017-14099: In res/res_rtp_asterisk.c in Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6
In res/res_rtp_asterisk.c in Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized data disclosure (media takeover in the RTP stack) is possible with careful timing by an attacker. The "strictrtp" option in rtp.conf enables a feature of the RTP
nvdosv
CVE-2017-14603P3HIGHCVSS 7.5v13.0.0v13.0.1+99 more2017-10-10
CVE-2017-14603 [HIGH] CWE-200 CVE-2017-14603: In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before 14.6.2 and Certified Asterisk
In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before 14.6.2 and Certified Asterisk 11.x before 11.6-cert18 and 13.x before 13.13-cert6, insufficient RTCP packet validation could allow reading stale buffer contents and when combined with the "nat" and "symmetric_rtp" options allow redirecting where Asterisk sends the next RTCP report.
nvdosv
CVE-2023-37457P3HIGHCVSS 8.2≤ 18.20.0≥ 19.0.0, ≤ 20.5.0+1 more2023-12-14
CVE-2023-37457 [HIGH] CWE-120 CVE-2023-37457: Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so thi
nvd
CVE-2018-19278P3HIGHCVSS 7.5v15.0.0v15.1.0+15 more2018-11-14
CVE-2018-19278 [HIGH] CWE-119 CVE-2018-19278: Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x before 15.6.2 and 16.x before 1
Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x before 15.6.2 and 16.x before 16.0.1 allows remote attackers to crash Asterisk via a specially crafted DNS SRV or NAPTR response, because a buffer size is supposed to match an expanded length but actually matches a compressed length.
nvdosv
CVE-2014-4046P3MEDIUMCVSS 6.5v11.0.0v11.0.1+18 more2014-06-17
CVE-2014-4046 [MEDIUM] CVE-2014-4046: Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 1
Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated Manager users to execute arbitrary shell commands via a MixMonitor action.
nvdosv
CVE-2007-6171P3HIGHCVSS 7.5≥ 1.4.0, < 1.4.15vc.1.02007-11-30
CVE-2007-6171 [HIGH] CWE-89 CVE-2007-6171: SQL injection vulnerability in the Postgres Realtime Engine (res_config_pgsql) in Asterisk 1.4.x bef
SQL injection vulnerability in the Postgres Realtime Engine (res_config_pgsql) in Asterisk 1.4.x before 1.4.15 and C.x before C.1.0-beta6 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
nvdosv
CVE-2014-8413P3HIGHCVSS 7.5≥ 12.0.0, < 12.7.1≥ 13.0.0, < 13.0.12014-11-24
CVE-2014-8413 [HIGH] CWE-264 CVE-2014-8413: The res_pjsip_acl module in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 does not
The res_pjsip_acl module in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 does not properly create and load ACLs defined in pjsip.conf at startup, which allows remote attackers to bypass intended PJSIP ACL rules.
nvdosv
CVE-2019-18976P3HIGHCVSS 7.5≥ 13.0.0, ≤ 13.29.12019-11-22
CVE-2019-18976 [HIGH] CWE-476 CVE-2019-18976: An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through 13.x and Certified Asterisk t
An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a NULL pointer dereference and crash will occur. This is different from CVE-2019-18940.
nvdosv
CVE-2016-7551P3HIGHCVSS 7.5v11.0.0v11.0.1+64 more2017-04-17
CVE-2016-7551 [HIGH] CWE-399 CVE-2016-7551: chain_sip in Asterisk Open Source 11.x before 11.23.1 and 13.x 13.11.1 and Certified Asterisk 11.6 b
chain_sip in Asterisk Open Source 11.x before 11.23.1 and 13.x 13.11.1 and Certified Asterisk 11.6 before 11.6-cert15 and 13.8 before 13.8-cert3 allows remote attackers to cause a denial of service (port exhaustion).
nvdosv
CVE-2018-7285P3HIGHCVSS 7.5≥ 15.0.0, ≤ 15.2.12018-02-22
CVE-2018-7285 [HIGH] CWE-476 CVE-2018-7285: A NULL pointer access issue was discovered in Asterisk 15.x through 15.2.1. The RTP support in Aster
A NULL pointer access issue was discovered in Asterisk 15.x through 15.2.1. The RTP support in Asterisk maintains its own registry of dynamic codecs and desired payload numbers. While an SDP negotiation may result in a codec using a different payload number, these desired ones are still stored internally. When an RTP packet was received, this registry w
nvd
CVE-2021-26717P3HIGHCVSS 7.5≥ 16.0.0, < 16.16.1≥ 17.0.0, < 17.9.2+1 more2021-02-18
CVE-2021-26717 [HIGH] CVE-2021-26717: An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x before 17.9.2, and 18.x before
An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6. When re-negotiating for T.38, if the initial remote response was delayed just enough, Asterisk would send both audio and T.38 in the SDP. If this happened, and the remote responded with a declined T.38 stream, t
nvdosv
CVE-2014-8417P3MEDIUMCVSS 6.5≥ 11.0.0, < 11.14.1≥ 12.0.0, < 12.7.1+1 more2014-11-24
CVE-2014-8417 [MEDIUM] CWE-264 CVE-2014-8417: ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified
ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 11.6 before 11.6-cert8 allows remote authenticated users to (1) gain privileges via vectors related to an external protocol to the CONFBRIDGE dialplan function or (2) execute arbitrary system commands via a crafted ConfbridgeStartRecord AMI ac
nvdosv
CVE-2016-9937P3HIGHCVSS 7.5v13.12v13.13+7 more2016-12-12
CVE-2016-9937 [HIGH] CWE-119 CVE-2016-9937: An issue was discovered in Asterisk Open Source 13.12.x and 13.13.x before 13.13.1 and 14.x before 1
An issue was discovered in Asterisk Open Source 13.12.x and 13.13.x before 13.13.1 and 14.x before 14.2.1. If an SDP offer or answer is received with the Opus codec and with the format parameters separated using a space the code responsible for parsing will recursively call itself until it crashes. This occurs as the code does not properly handle spaces
nvd