cbcvebase.

Digium Asterisk vulnerabilities

114 known vulnerabilities affecting digium/asterisk.

Total CVEs
114
CISA KEV
0
Public exploits
8
Exploited in wild
0
Severity breakdown
CRITICAL5HIGH37MEDIUM67LOW5

Vulnerabilities

Page 3 of 6
CVE-2011-1147P3MEDIUMCVSS 6.8v1.4.0v1.4.1+108 more2011-03-15
CVE-2011-1147 [MEDIUM] CWE-119 CVE-2011-1147: Multiple stack-based and heap-based buffer overflows in the (1) decode_open_type and (2) udptl_rx_pa Multiple stack-based and heap-based buffer overflows in the (1) decode_open_type and (2) udptl_rx_packet functions in main/udptl.c in Asterisk Open Source 1.4.x before 1.4.39.2, 1.6.1.x before 1.6.1.22, 1.6.2.x before 1.6.2.16.2, and 1.8 before 1.8.2.4; Business Edition C.x.x before C.3.6.3; AsteriskNOW 1.5; and s800i (Asterisk Appliance), when T.38 s
nvdosv
CVE-2011-0495P3MEDIUMCVSS 6.0fixed in c.3.6.2≥ 1.2.0, ≤ 1.2.40+7 more2011-01-20
CVE-2011-0495 [MEDIUM] CWE-787 CVE-2011-0495: Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source b Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary code via crafted caller ID data in vectors involving t
nvdosv
CVE-2019-18790P3MEDIUMCVSS 6.5≥ 13.0.0, < 13.29.2≥ 16.0.0, < 16.6.2+1 more2019-11-22
CVE-2019-18790 [MEDIUM] CWE-862 CVE-2019-18790: An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x before 13.29.2, 16.x before An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x before 13.29.2, 16.x before 16.6.2, and 17.x before 17.0.1, and Certified Asterisk 13.21 before cert5. A SIP request can be sent to Asterisk that can change a SIP peer's IP address. A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that need
nvdosv
CVE-2009-2726P3HIGHCVSS 7.8fixed in b.2.5.9≥ c.2.0, ≤ c.2.4.1+5 more2009-08-12
CVE-2009-2726 [HIGH] CWE-770 CVE-2009-2726: The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, 1.4.x before 1.4.26.1, 1.6.0.x b The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, 1.4.x before 1.4.26.1, 1.6.0.x before 1.6.0.12, and 1.6.1.x before 1.6.1.4; Asterisk Business Edition A.x.x, B.x.x before B.2.5.9, C.2.x before C.2.4.1, and C.3.x before C.3.1; and Asterisk Appliance s800i 1.2.x before 1.3.0.3 does not use a maximum width when invoking sscanf style func
nvdosv
CVE-2006-4346P3HIGHCVSS 7.5v1.2.102006-08-24
CVE-2006-4346 [HIGH] CVE-2006-4346: Asterisk 1.2.10 supports the use of client-controlled variables to determine filenames in the Record Asterisk 1.2.10 supports the use of client-controlled variables to determine filenames in the Record function, which allows remote attackers to (1) execute code via format string specifiers or (2) overwrite files via directory traversals involving unspecified vectors, as demonstrated by the CALLERIDNAME variable.
nvdosv
CVE-2021-26713P3MEDIUMCVSS 6.5≥ 16.0.0, < 16.16.1≥ 17.0.0, < 17.9.2+1 more2021-02-19
CVE-2021-26713 [MEDIUM] CWE-787 CVE-2021-26713: A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk before 16.16.1, 17.x before A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6 allows an authenticated WebRTC client to cause an Asterisk crash by sending multiple hold/unhold requests in quick succession. This is caused by a signedness comparison mismatch.
nvdosv
CVE-2021-46837P3MEDIUMCVSS 6.5≥ 16.0.0, < 16.16.2≥ 17.0.0, < 17.9.3+1 more2022-08-30
CVE-2021-46837 [MEDIUM] CVE-2021-46837: res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, a res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. This is a re-occurrence of the CVE-2019-15297 symptoms but not for exactly the sam
nvdosv
CVE-2006-2898P3HIGHCVSS 7.5v1.0.7v1.0.8+7 more2006-06-07
CVE-2006-2898 [HIGH] CWE-119 CVE-2006-2898: The IAX2 channel driver (chan_iax2) for Asterisk 1.2.x before 1.2.9 and 1.0.x before 1.0.11 allows r The IAX2 channel driver (chan_iax2) for Asterisk 1.2.x before 1.2.9 and 1.0.x before 1.0.11 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via truncated IAX 2 (IAX2) video frames, which bypasses a length check and leads to a buffer overflow involving negative length check. NOTE: the vendor advisory claims that on
nvdosv
CVE-2013-7100P4MEDIUMCVSS 5.0v1.8.17.0v1.8.18.0+23 more2013-12-19
CVE-2013-7100 [MEDIUM] CWE-119 CVE-2013-7100: Buffer overflow in the unpacksms16 function in apps/app_sms.c in Asterisk Open Source 1.8.x before 1 Buffer overflow in the unpacksms16 function in apps/app_sms.c in Asterisk Open Source 1.8.x before 1.8.24.1, 10.x before 10.12.4, and 11.x before 11.6.1; Asterisk with Digiumphones 10.x-digiumphones before 10.12.4-digiumphones; and Certified Asterisk 1.8.x before 1.8.15-cert4 and 11.x before 11.2-cert3 allows remote attackers to cause a denial of serv
nvdosv
CVE-2018-7287P3MEDIUMCVSS 5.9v15.0.0-beta1v15.0.0-rc1+12 more2018-02-22
CVE-2018-7287 [MEDIUM] CWE-754 CVE-2018-7287: An issue was discovered in res_http_websocket.c in Asterisk 15.x through 15.2.1. If the HTTP server An issue was discovered in res_http_websocket.c in Asterisk 15.x through 15.2.1. If the HTTP server is enabled (default is disabled), WebSocket payloads of size 0 are mishandled (with a busy loop).
nvd
CVE-2020-35776P3MEDIUMCVSS 6.5≥ 13.0.0, ≤ 13.38.1≥ 16.0.0, ≤ 16.15.1+2 more2021-02-18
CVE-2020-35776 [MEDIUM] CWE-120 CVE-2020-35776: A buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk versions 13.38.1, 16.15.1, 17.9.1, an A buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk versions 13.38.1, 16.15.1, 17.9.1, and 18.1.1 allows remote attacker to crash Asterisk by deliberately misusing SIP 181 responses.
nvdosv
CVE-2023-49786P4MEDIUMCVSS 5.9fixed in 18.20.1≥ 19.0.0, < 20.5.1+1 more2023-12-14
CVE-2023-49786 [MEDIUM] CWE-703 CVE-2023-49786: Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versi Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be
nvd
CVE-2019-7251P3MEDIUMCVSS 6.5≥ 15.0.0, < 15.7.2≥ 16.0.0, < 16.2.12019-03-28
CVE-2019-7251 [MEDIUM] CWE-190 CVE-2019-7251: An Integer Signedness issue (for a return code) in the res_pjsip_sdp_rtp module in Digium Asterisk v An Integer Signedness issue (for a return code) in the res_pjsip_sdp_rtp module in Digium Asterisk versions 15.7.1 and earlier and 16.1.1 and earlier allows remote authenticated users to crash Asterisk via a specially crafted SDP protocol violation.
nvdosv
CVE-2007-4103P4HIGHCVSS 7.5≥ 1.2.20, < 1.2.23≥ 1.4.0, < 1.4.92007-07-31
CVE-2007-4103 [HIGH] CWE-772 CVE-2007-4103: The IAX2 channel driver (chan_iax2) in Asterisk Open 1.2.x before 1.2.23, 1.4.x before 1.4.9, and As The IAX2 channel driver (chan_iax2) in Asterisk Open 1.2.x before 1.2.23, 1.4.x before 1.4.9, and Asterisk Appliance Developer Kit before 0.6.0, when configured to allow unauthenticated calls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of calls that do not complete a 3-way handshake, which causes an ast_channe
nvdosv
CVE-2021-31878P4MEDIUMCVSS 6.5v16.17.0v16.18.0+4 more2021-07-30
CVE-2021-31878 [MEDIUM] CWE-617 CVE-2021-31878: An issue was discovered in PJSIP in Asterisk before 16.19.1 and before 18.5.1. To exploit, a re-INVI An issue was discovered in PJSIP in Asterisk before 16.19.1 and before 18.5.1. To exploit, a re-INVITE without SDP must be received after Asterisk has sent a BYE request.
nvd
CVE-2006-1827P4MEDIUMCVSS 6.4≤ 1.2.6v0.1.0+36 more2006-04-18
CVE-2006-1827 [MEDIUM] CVE-2006-1827: Integer signedness error in format_jpeg.c in Asterisk 1.2.6 and earlier allows remote attackers to e Integer signedness error in format_jpeg.c in Asterisk 1.2.6 and earlier allows remote attackers to execute arbitrary code via a length value that passes a length check as a negative number, but triggers a buffer overflow when it is used as an unsigned length.
nvdosv
CVE-2016-7550P4HIGHCVSS 7.5v13.10.02019-05-23
CVE-2016-7550 [HIGH] CWE-476 CVE-2016-7550: asterisk 13.10.0 is affected by: denial of service issues in asterisk. The impact is: cause a denial asterisk 13.10.0 is affected by: denial of service issues in asterisk. The impact is: cause a denial of service (remote).
nvdosv
CVE-2019-12827P3MEDIUMCVSS 6.5≥ 13.0.0, < 13.27.0≥ 15.0.0, < 15.7.2+1 more2019-07-12
CVE-2019-12827 [MEDIUM] CWE-787 CVE-2019-12827: Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3, 13.27.0, 15.7.2, 16. Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and earlier allows remote authenticated users to crash Asterisk by sending a specially crafted SIP MESSAGE message.
nvdosv
CVE-2019-15297P4MEDIUMCVSS 6.5≥ 15.0.0, ≤ 15.7.3≥ 16.0.0, ≤ 16.5.02019-09-09
CVE-2019-15297 [MEDIUM] CWE-476 CVE-2019-15297: res_pjsip_t38 in Sangoma Asterisk 15.x before 15.7.4 and 16.x before 16.5.1 allows an attacker to tr res_pjsip_t38 in Sangoma Asterisk 15.x before 15.7.4 and 16.x before 16.5.1 allows an attacker to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk. The crash occurs because of a NULL session media object dereference.
nvdosv
CVE-2007-6170P4MEDIUMCVSS 6.5≥ 1.2.0, < 1.2.25≥ 1.4.0, < 1.4.15+2 more2007-11-30
CVE-2007-6170 [MEDIUM] CWE-89 CVE-2007-6170: SQL injection vulnerability in the Call Detail Record Postgres logging engine (cdr_pgsql) in Asteris SQL injection vulnerability in the Call Detail Record Postgres logging engine (cdr_pgsql) in Asterisk 1.4.x before 1.4.15, 1.2.x before 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL commands via (1) ANI and (2) DNIS arguments.
nvdosv
Digium Asterisk vulnerabilities | cvebase