CVE-2025-54995

CVE-2025-54995 affects Asterisk (open source private branch exchange). The vulnerability arises from a lack of session termination, allowing RTP UDP ports and internal resources to leak, which could lead to resource exhaustion. Debian and other advisories state this was fixed in Asterisk versions...

Asterisk 安全漏洞

Asterisk is an Asterisk open source software for PBX systems that runs on Linux and supports IP calls using SIP, IAX, and H323 protocols. Asterisk version 18.26.4 and versions prior to 18.9-cert17 have a security vulnerability that stems from a lack of session termination, which could lead to the...

CVE-2015-1558

Asterisk Open Source 12.x before 12.8.1 and 13.x before 13.1.1, when using the PJSIP channel driver, does not properly reclaim RTP ports, which allows remote authenticated users to cause a denial of service file descriptor consumption via an SDP offer containing only incompatible codecs...

CVE-2015-1558

Asterisk Open Source 12.x before 12.8.1 and 13.x before 13.1.1, when using the PJSIP channel driver, does not properly reclaim RTP ports, which allows remote authenticated users to cause a denial of service file descriptor consumption via an SDP offer containing only incompatible codecs...

DEBIAN-CVE-2015-1558

Asterisk Open Source 12.x before 12.8.1 and 13.x before 13.1.1, when using the PJSIP channel driver, does not properly reclaim RTP ports, which allows remote authenticated users to cause a denial of service file descriptor consumption via an SDP offer containing only incompatible codecs...

Code injection

Asterisk Open Source 12.x before 12.8.1 and 13.x before 13.1.1, when using the PJSIP channel driver, does not properly reclaim RTP ports, which allows remote authenticated users to cause a denial of service file descriptor consumption via an SDP offer containing only incompatible codecs...

CVE-2015-1558

Asterisk Open Source 12.x before 12.8.1 and 13.x before 13.1.1, when using the PJSIP channel driver, does not properly reclaim RTP ports, which allows remote authenticated users to cause a denial of service file descriptor consumption via an SDP offer containing only incompatible codecs...

Asterisk chan_pjsip Incompatible Codecs DoS (AST-2015-001)

According to its SIP banner, the version of Asterisk running on the remote host has a flaw in which it fails to reclaim allocated RTP ports whenever a connection is made to an authenticated endpoint whose SPD offers only codecs that are not allowed by Asterisk. An attacker could exploit this...

FreeBSD : asterisk -- File descriptor leak when incompatible codecs are offered (2eeb6652-a7a6-11e4-96ba-001999f8d30b)

The Asterisk project reports : Asterisk may be configured to only allow specific audio or video codecs to be used when communicating with a particular endpoint. When an endpoint sends an SDP offer that only lists codecs not allowed by Asterisk, the offer is rejected. However, in this case, RTP...

GLSA-201209-15 : Asterisk: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201209-15 Asterisk: Multiple vulnerabilities Multiple vulnerabilities have been found in Asterisk: An error in manager.c allows shell access CVE-2012-2186. An error in Asterisk could cause all RTP ports to be exhausted...

Asterisk: Multiple vulnerabilities

Background Asterisk is an open source telephony engine and toolkit. Description Multiple vulnerabilities have been found in Asterisk: An error in manager.c allows shell access CVE-2012-2186. An error in Asterisk could cause all RTP ports to be exhausted CVE-2012-3812. A double-free error could...

Asterisk Endpoint Provisional Response Parsing RTP Port Consumption Remote DoS (AST-2012-010)

According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by a vulnerability that could allow a remote, authenticated attacker to exhaust the server of resources. If an endpoint sends a provisional response to the server's re-INVITE...