Lucene search

Asterisk Security Vulnerabilities - 2023

cve

CVE-2023-37457

Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space ...

8.2CVSS

7.7AI Score

0.001EPSS

2023-12-14 08:15 PM

cve

CVE-2023-49294

Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the live_dangerously is not enabled. This allows arbitrary file...

7.5CVSS

7.3AI Score

0.001EPSS

2023-12-14 08:15 PM

cve

CVE-2023-49786

Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when han...

7.5CVSS

6.2AI Score

0.005EPSS

2023-12-14 08:15 PM