Asterisk Security Vulnerabilities and Issues — Asterisk CVE List

Lucene search

DigiumAsterisk

8 matches found

CVE•added 2021/07/30 2:15 p.m.•221 views

CVE-2021-32558

An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and Certified Asterisk before 16.8-cert10. If the IAX2 channel driver receives a packet that contains an unsupported media format, a crash can occur.

7.5CVSS7.2AI score0.01214EPSS

CVE•added 2021/02/19 8:15 p.m.•127 views

CVE-2021-26713

A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6 allows an authenticated WebRTC client to cause an Asterisk crash by sending multiple hold/unhold requests in quick succession. ...

6.5CVSS6.4AI score0.00164EPSS

CVE•added 2021/02/18 8:15 p.m.•122 views

CVE-2021-26906

An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through 16.8-cert5. An SDP negotiation vulnerability in PJSIP allows a remote server to potentially crash Ast...

5.9CVSS5.5AI score0.00506EPSS

CVE•added 2021/02/18 9:15 p.m.•112 views

CVE-2021-26712

Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated attacker to prematurely terminate secure calls by replaying SRTP packets.

7.5CVSS7.4AI score0.01654EPSS

CVE•added 2021/02/18 8:15 p.m.•107 views

CVE-2020-35776

A buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk versions 13.38.1, 16.15.1, 17.9.1, and 18.1.1 allows remote attacker to crash Asterisk by deliberately misusing SIP 181 responses.

6.5CVSS6.5AI score0.001EPSS

CVE•added 2021/02/18 8:15 p.m.•97 views

CVE-2021-26717

An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6. When re-negotiating for T.38, if the initial remote response was delayed just enough, Asterisk would send both audio and T.38 in the SDP. If this hap...

7.5CVSS7.4AI score0.0044EPSS

CVE•added 2021/01/29 8:15 a.m.•85 views

CVE-2020-35652

An issue was discovered in res_pjsip_diversion.c in Sangoma Asterisk before 13.38.0, 14.x through 16.x before 16.15.0, 17.x before 17.9.0, and 18.x before 18.1.0. A crash can occur when a SIP message is received with a History-Info header that contains a tel-uri, or when a SIP 181 response is recei...

6.5CVSS6.3AI score0.00114EPSS

CVE•added 2021/07/30 2:15 p.m.•80 views

CVE-2021-31878

An issue was discovered in PJSIP in Asterisk before 16.19.1 and before 18.5.1. To exploit, a re-INVITE without SDP must be received after Asterisk has sent a BYE request.

6.5CVSS6.3AI score0.00297EPSS