11 matches found
CVE-2024-42365
CVE-2024-42365 affects Asterisk prior to 18.24.2, 20.9.2, and 21.4.2 (and their certified-asterisk variants 18.9-cert11 and 20.7-cert2). An AMI user with write=originate can curl remote files and write them to disk, and can also append to existing files via the FILE function inside the SET applic...
CVE-2022-23608
CVE-2022-23608 affects PJSIP/pjproject up to version 2.11.1. In a dialog set (or forking) scenario, a hash key shared by multiple UAC dialogs can be prematurely freed when a dialog is destroyed, causing the same dialog set to be registered in the hash table multiple times with different hash keys...
CVE-2012-2948
CVE-2012-2948 affects the Skinny (SCCP) channel driver (chan_skinny.c) in Asterisk. The vulnerability lets remote authenticated users trigger a NULL pointer dereference that can crash the daemon by closing a connection in off-hook mode. Affected releases include Certified Asterisk 1.8.11-cert bef...
CVE-2022-21723
CVE-2022-21723 affects PJSIP (pjproject) up to version 2.11.1. The issue arises when parsing an incoming SIP message that contains a malformed multipart, which can lead to an out-of-bounds read access. The vulnerability impacts all PJSIP users that accept SIP multipart. A patch has been committed...
CVE-2021-37706
CVE-2021-37706 affects the pjproject/PJSIP stack embedded in various products. If an incoming STUN message contains an ERROR-CODE attribute, the code path does not check the header length before a subtraction, enabling an integer underflow that could let a malicious actor remotely execute code vi...
CVE-2020-28242
CVE-2020-28242 affects Asterisk Open Source: 13.x < 13.37.1, 16.x < 16.14.1, 17.x < 17.8.1, 18.x < 18.0.1, and Certified Asterisk
CVE-2021-46837
CVE-2021-46837 affects res_pjsip_t38 in Sangoma Asterisk 16.x prior to 16.16.2, 17.x prior to 17.9.3, 18.x prior to 18.2.2, and Certified Asterisk before 16.8-cert7. A crash can be triggered by an m=image line with zero port in a response to a T.38 re-invite initiated by Asterisk; the crash is du...
CVE-2013-2686
CVE-2013-2686 affects Asterisk Open Source HTTP server: main/http.c does not properly restrict Content-Length, enabling stack-consumption DoS via crafted HTTP POST. Affected: Asterisk 1.8.x before 1.8.20.2; 10.x before 10.12.2; 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; As...
CVE-2012-2186
CVE-2012-2186 affects Asterisk Open Source in 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6. The flaw is an incomplete blacklist ...
CVE-2013-2264
CVE-2013-2264 affects the SIP Channel Driver in Asterisk Open Source (1.8.x up to 1.8.20.2, 10.x up to 10.12.2, 11.x up to 11.2.2; Cert. Asterisk 1.8.15 up to 1.8.15-cert2; BE C.3.x up to C.3.8.1; Digiumphones 10.x up to 10.12.2-digiumphones) and enables remote enumeration of account names by obs...
CVE-2017-9358
CVE-2017-9358 describes a memory exhaustion vulnerability in Asterisk Open Source. Affected versions are Asterisk Open Source 13.x before 13.15.1, 14.x before 14.4.1, and Certified Asterisk 13.13 before 13.13-cert4. The issue is triggered by specially crafted SCCP packets that cause an infinite l...