Asterisk Code Issue Vulnerability
Asterisk is a software for PBX systems developed by Asterisk OpenSource. It runs on Linux systems and supports IP calls using SIP, IAX, and H323 protocols. There were code vulnerabilities in versions prior to 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2. These vulnerabilities stemmed from...
Asterisk: Multiple Vulnerabilities
Background: Asterisk is an open source telephony engine and toolkit. Description: Multiple vulnerabilities have been discovered in Asterisk. Please review the CVE identifiers referenced below for details. Impact: Please review the referenced CVE identifiers for details. Workaround: There is no known...
ROS-20251106-06
Vulnerabilities in Asterisk management systems are related to improper management of internal resources of the application. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
[SECURITY] [DLA 4326-1] asterisk security update
Debian LTS Advisory DLA-4326-1 (https://www.debian.org/lts/security/, https://wiki.debian.org/LTS). Markus Koschany, October 10, 2025. Package: asterisk. Version: 1:16.28.0dfsg-0+deb11u8. CVE ID: CVE-2025-1131, CVE-2025-54995. Two security vulnerabilities have been discovered...
EUVD-2011-1161
Malware in sbrugna...
EUVD-2008-3889
Malware in sbrugna...
EUVD-2011-1599
Malware in sbrugna...
EUVD-2006-4334
Malware in sbrugna...
CVE-2025-49832 Asterisk is Vulnerable to Remote DoS and possible RCE Attacks During Memory Allocation
Asterisk is an open source private branch exchange and telephony toolkit. In versions up to and including 18.26.2, between 20.00.0 and 20.15.0, 20.7-cert6, 21.00.0, 22.00.0 through 22.5.0, there is a remote DoS and possible RCE condition in asterisk/res/res_stir_shaken/verification.c that can be...
PT-2025-22513 · Sangoma +1 · Asterisk +2
Name of the Vulnerable Software and Affected Versions: Asterisk versions prior to 18.26.2; Asterisk versions prior to 20.14.1; Asterisk versions prior to 21.9.1; Asterisk versions prior to 22.4.1; certified-asterisk versions prior to 18.9-cert14; certified-asterisk versions prior to 20.7-cert5...
GLSA-202412-03 : Asterisk: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202412-03 Asterisk: Multiple Vulnerabilities Multiple vulnerabilities have been discovered in Asterisk. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description block directly...
Asterisk: Multiple Vulnerabilities
Background: Asterisk is an open source telephony engine and toolkit. Description: Multiple vulnerabilities have been discovered in Asterisk. Please review the CVE identifiers referenced below for details. Impact: Please review the referenced CVE identifiers for details. Workaround: There is no known...
Ubuntu 16.04 ESM : Asterisk vulnerabilities (USN-4814-1)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4814-1 advisory. Richard Mudgett discovered that Asterisk did not properly check the length of input string when setting the user field for PartyB on a CDR. A remote...
Vulnerabilities fixed in Asterisk
Vulnerabilities have been fixed in Asterisk and Certified Asterisk. These vulnerabilities potentially allow a malicious party to perform an SQL injection attack, issue arbitrary requests or download larger than allowed files. Asterisk has made updates available...
Vulnerabilities fixed in Asterisk
Vulnerabilities have been fixed in the Asterisk framework. The vulnerabilities potentially allow a malicious party to cause a denial-of-service or execute arbitrary code. Asterisk indicates that proof-of-concept code is in circulation for these vulnerabilities. Asterisk has made updates availabl...
Vulnerabilities fixed in Asterisk
New versions of Asterisk have been released, in which two vulnerabilities have been fixed. A malicious party could potentially exploit them to cause a denial-of-service. Asterisk has released updates to address the vulnerabilities. For more information, see:...
CVE-2014-6610
Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and Certified Asterisk 11.6 before 11.6-cert6, when using the res_fax_spandsp module, allows remote authenticated users to cause a denial of service (crash) via an out of call message, which is not properly handled in the ReceiveFax...
CVE-2014-8417
ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 11.6 before 11.6-cert8 allows remote authenticated users to (1) gain privileges via vectors related to an external protocol to the CONFBRIDGE dialplan function or (2) execute arbitrary system...
FreeBSD : asterisk -- Multiple vulnerabilities (a92ed304-716c-11e4-b008-001999f8d30b)
The Asterisk project reports: AST-2014-012 - Mixed IP address families in access control lists may permit unwanted traffic. AST-2014-018 - AMI permission escalation through DB dialplan function. (C) Tenable Network Security, Inc. The descriptive text and package checks in this...