Lucene search
K
AsteriskCertified Asterisk

11 matches found

CVE
CVE
added 2024/08/08 4:29 p.m.255 views

CVE-2024-42365

CVE-2024-42365 affects Asterisk prior to 18.24.2, 20.9.2, and 21.4.2 (and their certified-asterisk variants 18.9-cert11 and 20.7-cert2). An AMI user with write=originate can curl remote files and write them to disk, and can also append to existing files via the FILE function inside the SET applic...

8.8CVSS7.9AI score0.04703EPSS
CVE
CVE
added 2022/02/22 12:0 a.m.191 views

CVE-2022-23608

CVE-2022-23608 affects PJSIP/pjproject up to version 2.11.1. In a dialog set (or forking) scenario, a hash key shared by multiple UAC dialogs can be prematurely freed when a dialog is destroyed, causing the same dialog set to be registered in the hash table multiple times with different hash keys...

9.8CVSS8.7AI score0.03993EPSS
CVE
CVE
added 2012/06/02 3:0 p.m.189 views

CVE-2012-2948

CVE-2012-2948 affects the Skinny (SCCP) channel driver (chan_skinny.c) in Asterisk. The vulnerability lets remote authenticated users trigger a NULL pointer dereference that can crash the daemon by closing a connection in off-hook mode. Affected releases include Certified Asterisk 1.8.11-cert bef...

4CVSS6AI score0.02143EPSS
CVE
CVE
added 2022/01/27 12:0 a.m.183 views

CVE-2022-21723

CVE-2022-21723 affects PJSIP (pjproject) up to version 2.11.1. The issue arises when parsing an incoming SIP message that contains a malformed multipart, which can lead to an out-of-bounds read access. The vulnerability impacts all PJSIP users that accept SIP multipart. A patch has been committed...

9.1CVSS9.3AI score0.04478EPSS
CVE
CVE
added 2021/12/22 12:0 a.m.150 views

CVE-2021-37706

CVE-2021-37706 affects the pjproject/PJSIP stack embedded in various products. If an incoming STUN message contains an ERROR-CODE attribute, the code path does not check the header length before a subtraction, enabling an integer underflow that could let a malicious actor remotely execute code vi...

9.8CVSS8.6AI score0.0462EPSS
CVE
CVE
added 2020/11/06 5:2 a.m.128 views

CVE-2020-28242

CVE-2020-28242 affects Asterisk Open Source: 13.x < 13.37.1, 16.x < 16.14.1, 17.x < 17.8.1, 18.x < 18.0.1, and Certified Asterisk

6.5CVSS6.6AI score0.0154EPSS
CVE
CVE
added 2022/08/30 12:0 a.m.83 views

CVE-2021-46837

CVE-2021-46837 affects res_pjsip_t38 in Sangoma Asterisk 16.x prior to 16.16.2, 17.x prior to 17.9.3, 18.x prior to 18.2.2, and Certified Asterisk before 16.8-cert7. A crash can be triggered by an m=image line with zero port in a response to a T.38 re-invite initiated by Asterisk; the crash is du...

6.5CVSS6.3AI score0.01818EPSS
CVE
CVE
added 2013/03/29 6:0 p.m.80 views

CVE-2013-2686

CVE-2013-2686 affects Asterisk Open Source HTTP server: main/http.c does not properly restrict Content-Length, enabling stack-consumption DoS via crafted HTTP POST. Affected: Asterisk 1.8.x before 1.8.20.2; 10.x before 10.12.2; 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; As...

5CVSS6.3AI score0.02126EPSS
CVE
CVE
added 2012/08/31 2:0 p.m.75 views

CVE-2012-2186

CVE-2012-2186 affects Asterisk Open Source in 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6. The flaw is an incomplete blacklist ...

9CVSS7.1AI score0.03558EPSS
CVE
CVE
added 2013/03/29 6:0 p.m.66 views

CVE-2013-2264

CVE-2013-2264 affects the SIP Channel Driver in Asterisk Open Source (1.8.x up to 1.8.20.2, 10.x up to 10.12.2, 11.x up to 11.2.2; Cert. Asterisk 1.8.15 up to 1.8.15-cert2; BE C.3.x up to C.3.8.1; Digiumphones 10.x up to 10.12.2-digiumphones) and enables remote enumeration of account names by obs...

5CVSS6.4AI score0.01252EPSS
CVE
CVE
added 2017/06/02 5:4 a.m.65 views

CVE-2017-9358

CVE-2017-9358 describes a memory exhaustion vulnerability in Asterisk Open Source. Affected versions are Asterisk Open Source 13.x before 13.15.1, 14.x before 14.4.1, and Certified Asterisk 13.13 before 13.13-cert4. The issue is triggered by specially crafted SCCP packets that cause an infinite l...

7.5CVSS7.3AI score0.02819EPSS