Asterisk Buffer Overflow Vulnerability (CNVD-2023-9903086)
Asterisk is a software for PBX systems that runs on Linux and supports IP calls using SIP, IAX, and H323 protocols. Asterisk suffers from a buffer overflow vulnerability, which stems from the "update" function of the PJSIP_HEADER dialplan function that may exceed the available buffer space for...
SUSE CVE-2007-4103
The IAX2 channel driver (chan_iax2) in Asterisk Open 1.2.x before 1.2.23, 1.4.x before 1.4.9, and Asterisk Appliance Developer Kit before 0.6.0, when configured to allow unauthenticated calls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of calls that do not...
SUSE CVE-2008-1923
The IAX2 channel driver (chan_iax2) in Asterisk 1.2 before revision 72630 and 1.4 before revision 65679, when configured to allow unauthenticated calls, sends "early audio" to an unverified source IP address of a NEW message, which allows remote attackers to cause a denial of service traffic...
SUSE CVE-2008-3264
The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers t...
Asterisk SQL Injection Vulnerability
Asterisk is a PBX system software that runs on Linux and supports IP calls using SIP, IAX, and H323 protocols. Asterisk suffers from a SQL injection vulnerability that can be exploited by attackers to cause user-supplied data to create corrupt SQL queries or possibly SQL injections...
DEBIAN-CVE-2021-32558
An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and Certified Asterisk before 16.8-cert10. If the IAX2 channel driver receives a packet that contains an unsupported media format, a crash can occur...
PT-2021-5541 · Asterisk +2 · Asterisk +2
Name of the Vulnerable Software and Affected Versions: Asterisk versions 13.x through 13.38.2 Asterisk versions 16.x through 16.19.0 Asterisk versions 17.x through 17.9.3 Asterisk versions 18.x through 18.5.0 Certified Asterisk versions prior to 16.8-cert10 Description: The issue is related to...
UBUNTU-CVE-2017-6470
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an IAX2 infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-iax2.c by constraining packet lateness...
DEBIAN-CVE-2017-6470
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an IAX2 infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-iax2.c by constraining packet lateness...
ALPINE-CVE-2017-6470
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an IAX2 infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-iax2.c by constraining packet lateness...
DEBIAN-CVE-2016-4081
epan/dissectors/packet-iax2.c in the IAX2 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet...
UBUNTU-CVE-2016-4081
epan/dissectors/packet-iax2.c in the IAX2 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet...
Asterisk <= 1.6 IAX 'POKE' Requests Remote Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/30321/info Asterisk is prone to a remote denial-of-service vulnerability because it fails to handle multiple 'POKE' requests in quick succession. Attackers can exploit this issue by sending a persistent stream of 'POKE'...
PT-2009-4777 · Sony Ericsson +1 · S800I +2
Name of the Vulnerable Software and Affected Versions: Asterisk Open Source versions 1.2.x through 1.2.34 Asterisk Open Source versions 1.4.x through 1.4.26.1 Asterisk Open Source versions 1.6.0.x through 1.6.0.14 Asterisk Open Source versions 1.6.1.x through 1.6.1.5 Asterisk Business Edition...
Asterisk IAX2 Resource Exhaustion via Attacked IAX Fuzzer
Exploit for multiple platform in category dos / poc ========================================================= Asterisk IAX2 Resource Exhaustion via Attacked IAX Fuzzer ========================================================= !/usr/bin/perl -w udp IAX protocol fuzzer Created: Blake Cornell Exploi...
DEBIAN-CVE-2008-5558
Asterisk Open Source 1.2.26 through 1.2.30.3 and Business Edition B.2.3.5 through B.2.5.5, when realtime IAX2 users are enabled, allows remote attackers to cause a denial of service (crash) via authentication attempts involving (1) an unknown user or (2) a user using hostname matching...
Asterisk DoS
Resources exhaustion on IAX request parsing...
Additional Unresolved Asterisk IAX 0day..
Hello Again, There is an additional Asterisk IAX Resource Exhaustion DoS 0day. http://www.voip0day.com/news/asterisk-nsfw/ http://securityscraper.com/ Be advised, Asterisk is not safe for work. Kind Regards, Blake Cornell...
Asterisk multiple DoS conditions
Application crashes on malformed IAX requests flood...
DEBIAN-CVE-2008-3264
The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers t...