Lucene search
K
DigiumCertified Asterisk

51 matches found

CVE
CVE
added 2019/07/12 7:24 p.m.398 views

CVE-2019-13161

CVE-2019-13161 affects Asterisk Open Source (through 13.x/14.x/15.x/16.x and Certified Asterisk up to 13.21-cert3). The issue is a pointer dereference in chan_sip during SDP negotiation, which can crash Asterisk when handling an SDP answer to an outgoing T.38 re-invite. Exploitation requires forc...

5.3CVSS5.3AI score0.04031EPSS
CVE
CVE
added 2019/07/12 7:19 p.m.359 views

CVE-2019-12827

CVE-2019-12827 : Buffer overflow in Digium Asterisk’s res_pjsip_messaging (versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and earlier) can be triggered by a specially crafted SIP MESSAGE, allowing remote authenticated users to crash Asterisk. The issue is a memory boundary violation in the res_pjs...

6.5CVSS5.6AI score0.04235EPSS
CVE
CVE
added 2019/11/22 5:31 p.m.320 views

CVE-2019-18610

CVE-2019-18610 affects Sangoma Asterisk: a vulnerability in manager.c allows a remote authenticated Asterisk Manager Interface (AMI) user with no system authorization to execute arbitrary commands via a crafted Originate AMI request. Affected are Asterisk up to 13.x, 16.x, 17.x and Certified Aste...

9CVSS8.5AI score0.29645EPSS
CVE
CVE
added 2021/07/27 5:19 a.m.242 views

CVE-2021-32558

The CVE-2021-32558 issue affects Sangoma Asterisk and Certified Asterisk: IAX2 channel driver may crash when receiving a packet with an unsupported media format. Affected versions include Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, 18.x before 18.5.1, and Certified Aste...

7.5CVSS7.2AI score0.0911EPSS
CVE
CVE
added 2019/11/22 4:22 p.m.178 views

CVE-2019-18790

CVE-2019-18790ffects Sangoma Asterisk chan_sip.c: a SIP request can alter a peer’s IP address to hijack calls. Affected: Asterisk 13.x <13.29.2, 16.x <16.6.2, 17.x <17.0.1; Certified Asterisk

6.5CVSS6.5AI score0.02047EPSS
CVE
CVE
added 2022/04/15 12:0 a.m.177 views

CVE-2022-26651

The CVE-2022-26651 issue affects Asterisk through 19.x and Certified Asterisk through 16.8-cert13, in the func_odbc module, where inadequate escaping for backslash characters in SQL queries can cause user-provided data to create broken or injectable SQL. The documented impact includes potential i...

9.8CVSS9.7AI score0.06976EPSS
CVE
CVE
added 2013/09/09 5:0 p.m.169 views

CVE-2013-5642

CVE-2013-5642 affects Asterisk and related builds (Open Source 1.8.x up to 1.8.23.1, 10.x up to 10.12.3, 11.x up to 11.5.1; Certified Asterisk 1.8.15 up to 1.8.15-cert3 and 11.2 up to 11.2-cert2; Asterisk Digiumphones 10.x-digiumphones up to 10.12.3-digiumphones). The vulnerability is a remote de...

5CVSS6.3AI score0.11653EPSS
CVE
CVE
added 2013/09/09 5:0 p.m.161 views

CVE-2013-5641

CVE-2013-5641 affects Asterisk SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.17.x–1.8.22.x, 1.8.23.x before 1.8.23.1, and 11.x before 11.5.1 (Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2). The vulnerability allows remote attackers to cause a deni...

5CVSS6.4AI score0.04111EPSS
CVE
CVE
added 2017/09/02 4:0 p.m.158 views

CVE-2017-14100

CVE-2017-14100 is a remote command execution vulnerability in Asterisk versions: 11.x before 11.25.2, 13.x before 13.17.1, 14.x before 14.6.1, and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5. It is caused by the app_minivm module’s externnotify option used by the Minivm...

9.8CVSS9.5AI score0.14907EPSS
CVE
CVE
added 2021/02/19 7:30 p.m.152 views

CVE-2021-26713

CVE-2021-26713 affects Sangoma Asterisk: a stack-based buffer overflow in res_rtp_asterisk.c allows an authenticated WebRTC client to crash Asterisk by rapidly issuing multiple hold/unhold requests. Root cause is a signedness comparison mismatch. Affected revisions: Sangoma Asterisk before 16.16....

6.5CVSS6.4AI score0.01845EPSS
CVE
CVE
added 2021/02/18 7:50 p.m.143 views

CVE-2021-26906

The CVE-2021-26906 entry describes an SDP negotiation vulnerability in PJSIP within Digium Asterisk (and Certified Asterisk) up to specific older branches, allowing a remote server to potentially crash Asterisk by sending SIP responses that trigger an SDP negotiation failure. Affected products in...

5.9CVSS5.5AI score0.02547EPSS
CVE
CVE
added 2014/11/24 3:0 p.m.136 views

CVE-2014-8418

CVE-2014-8418 affects Asterisk Open Source: DB dialplan function allows remote authenticated users to gain privileges via a call from an external protocol (AMI). Affected: 1.8.x before 1.8.32, 11.x before 11.1.4.1, 12.x before 12.7.1, 13.x before 13.0.1; Certified Asterisk 1.8.x before 1.8.28-cer...

9CVSS6.3AI score0.03575EPSS
CVE
CVE
added 2021/02/18 8:10 p.m.129 views

CVE-2021-26712

CVE-2021-26712 describes a flaw in res_srtp.c in Sangoma Asterisk versions 13.38.1, 16.16.0, 17.9.1, 18.2.0 and Certified Asterisk 16.8-cert5 where an unauthenticated remote attacker can prematurely terminate secure calls by replaying SRTP packets. The connected records confirm the affected produ...

7.5CVSS7.4AI score0.03587EPSS
CVE
CVE
added 2018/02/22 12:0 a.m.125 views

CVE-2018-7284

CVE-2018-7284 affects Asterisk and Certified Asterisk; during SUBSCRIBE, res_pjsip_pubsub does not cap Accept headers (limit 32) and can write outside memory, causing a crash. Affected: 13.x–15.x releases (precise bounds in sources). Exploitation details exist (Exploit-DB), with vendor advisories...

7.5CVSS7.4AI score0.58284EPSS
CVE
CVE
added 2017/12/02 12:0 a.m.124 views

CVE-2017-17090

CVE-2017-17090 affects the chan_skinny (SCCP) driver in Asterisk, where flooding the channel driver with certain requests can exhaust VM memory and cause the process to stop handling requests. Public details include both exploitation references (Exploit-DB entry for 13.17.2) and multiple vendor a...

7.5CVSS7.3AI score0.81511EPSS
CVE
CVE
added 2019/11/22 4:59 p.m.117 views

CVE-2019-18976

CVE-2019-18976 affects Sangoma Asterisk and Certified Asterisk up to 13.x; a NULL pointer dereference and crash can occur when receiving a re-invite that initiates T.38 faxing if the SDP has a port of 0 and no c-line. Public details confirm the affected file is res_pjsip_t38.c and the issue is a ...

7.5CVSS7.4AI score0.06677EPSS
CVE
CVE
added 2015/04/10 2:0 p.m.115 views

CVE-2015-3008

CVE-2015-3008 affects Asterisk Open Source: 1.8 before 1.8.32.3, 11.x before 11.17.1, 12.x before 12.8.2, 13.x before 13.3.2, and Certified Asterisk equivalents (e.g., 1.8.28 before 1.8.28-cert5, 11.6 before 11.6-cert11, 13.1 before 13.1-cert2). Root cause: improper handling of a null byte in the...

4.3CVSS7.1AI score0.46156EPSS
CVE
CVE
added 2021/02/18 7:39 p.m.115 views

CVE-2021-26717

The CVE-2021-26717 issue affects Sangoma Asterisk: 16.x before 16.16.1, 17.x before 17.9.2, 18.x before 18.2.1, and Certified Asterisk before 16.8-cert6. During T.38 renegotiation, if the initial remote response is delayed, Asterisk may send both audio and T.38 in the SDP; if the remote answers w...

7.5CVSS7.4AI score0.02177EPSS
CVE
CVE
added 2020/11/06 6:8 p.m.114 views

CVE-2020-28327

A vulnerability in Asterisk’s SIP handling (res_pjsip_session) can crash the process when a new SIP Invite is processed. The issue arises from a gap between dialog object creation and its next use, potentially allowing another thread to free the dialog and leading to a crash on dereference. Affec...

5.3CVSS5.3AI score0.01969EPSS
CVE
CVE
added 2017/11/09 12:0 a.m.112 views

CVE-2017-16672

CVE-2017-16672 affects Asterisk Open Source: memory leak in pjsip session objects when a call is rejected before establishment. Affected versions: Asterisk 13 prior to 13.18.1; 14 prior to 14.7.1; 15 prior to 15.1.1; Certified Asterisk 13.13 prior to 13.13-cert7. Impact: potential memory exhausti...

5.9CVSS6.8AI score0.04678EPSS
CVE
CVE
added 2018/02/22 12:0 a.m.108 views

CVE-2018-7286

CVE-2018-7286 affects Asterisk and Certified Asterisk prior to vendor patches: res_pjsip accepts a sequence of SIP INVITE messages over TCP/TLS from an authenticated remote user, then the connection is abruptly closed, causing a segmentation fault (DoS). Affected: Asterisk versions up to 13.19.1,...

6.5CVSS6.4AI score0.38858EPSS
CVE
CVE
added 2013/01/04 11:0 a.m.106 views

CVE-2012-5976

CVE-2012-5976 describes stack-consumption vulnerabilities in Asterisk Open Source where parsing of TCP-based protocols (SIP, HTTP, XMPP) could be exploited to crash the daemon. Affected: Asterisk 1.8.x before 1.8.19.1, 10.x before 10.11.1, 11.x before 11.1.2; and corresponding Certified Asterisk ...

5CVSS6.7AI score0.03032EPSS
CVE
CVE
added 2014/04/18 7:0 p.m.103 views

CVE-2014-2287

CVE-2014-2287 affects Asterisk chan_sip in 1.8.x prior to 1.8.26.1, 11.8.x prior to 11.8.1, and 12.1.x prior to 12.1.1, plus certain Certified Asterisk builds. A remote authenticated user can cause a denial of service by sending an INVITE with a malformed or invalid Session-Expires or Min-SE head...

3.5CVSS7AI score0.02464EPSS
CVE
CVE
added 2018/06/12 4:0 a.m.103 views

CVE-2018-12227

CVE-2018-12227 affects Asterisk Open Source 13.x before 13.21.1, 14.x before 14.7.7, and 15.x before 15.4.1 (including Certified Asterisk 13.18-cert4/13.21-cert2). The issue is an information-disclosure in SIP ACL handling: when endpoint-specific ACLs block a request, a 403 is returned; if the en...

5.3CVSS5.6AI score0.03532EPSS
CVE
CVE
added 2017/09/02 4:0 p.m.102 views

CVE-2017-14099

CVE-2017-14099 affects Asterisk 11.x (before 11.25.2), 13.x (before 13.17.1) and 14.x (before 14.6.1), including Certified Asterisk, with unauthorized data disclosure via RTP media hijacking when strict RTP, NAT, and symmetric RTP are combined. Root cause: changes to strict RTP handling allowed l...

7.5CVSS8.1AI score0.0433EPSS
CVE
CVE
added 2017/10/09 2:0 p.m.102 views

CVE-2017-14603

CVE-2017-14603 affects Asterisk 11.x prior to 11.25.3, 13.x prior to 13.17.2, and 14.x prior to 14.6.2 (plus Certified Asterisk 11.x before 11.6-cert18 and 13.x before 13.13-cert6). The issue is insufficient RTCP packet validation, which can allow reading stale buffer contents and, when combined ...

7.5CVSS7.5AI score0.03156EPSS
CVE
CVE
added 2018/09/24 10:0 p.m.101 views

CVE-2018-17281

CVE-2018-17281 affects the Asterisk res_http_websocket.so module and allows an attacker to crash Asterisk by sending a crafted HTTP Upgrade request to websocket. Affected: Asterisk up to 13.23.0, 14.7.x up to 14.7.7, 15.x up to 15.6.0, and Certified Asterisk up to 13.21-cert2. Consequences: denia...

7.5CVSS7.3AI score0.53381EPSS
CVE
CVE
added 2017/04/17 4:0 p.m.100 views

CVE-2016-7551

CVE-2016-7551 affects Asterisk Open Source 11.x (before 11.23.1) and 13.x (before 13.11.1), as well as Certified Asterisk 11.6 (before 11.6-cert15) and 13.8 (before 13.8-cert3). The vulnerability in chain_sip allows remote attackers to cause a denial of service via port exhaustion. The available ...

7.5CVSS7.2AI score0.05468EPSS
CVE
CVE
added 2017/12/23 12:0 a.m.100 views

CVE-2017-17850

CVE-2017-17850 affects Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. If a SIP request creates a dialog and the SIP contact header is missing while using the PJSIP channel driver, Asterisk may crash. Authentication reduces risk by requiring prior author...

7.5CVSS7.4AI score0.75351EPSS
CVE
CVE
added 2013/12/19 10:0 p.m.98 views

CVE-2013-7100

The connected MGASA-2014-0171 advisory provides concrete details for CVE-2013-7100: Asterisk before 11.6.1 decodes a 16‑bit SMS message with an odd length in the unpacksms16 function, causing an infinite loop and a crash due to memory corruption (buffer overflow). This is the root cause and the i...

5CVSS6.6AI score0.14715EPSS
CVE
CVE
added 2014/06/17 2:0 p.m.97 views

CVE-2014-4047

CVE-2014-4047 signature in Asterisk describes a remote denial-of-service due to exhaustion of HTTP sessions caused by a large number of TCP connections. Affected products include Asterisk Open Source 1.8.x before 1.8.28.1, 11.x before 11.10.1, and 12.x before 12.3.1, plus Certified Asterisk 1.8.1...

5CVSS6.5AI score0.0491EPSS
CVE
CVE
added 2016/02/22 3:5 p.m.96 views

CVE-2016-2316

CVE-2016-2316 affects Asterisk Open Source and Certified Asterisk: chan_sip allows remote denial of service when timert1 in sip.conf > 1245, via large retransmit timeout values. Affected: Asterisk 1.8.x; 11.x before 11.21.1; 12.x; 13.x before 13.7.1; Certified Asterisk 1.8.28; 11.6 before 11.6...

7.1CVSS5.6AI score0.04973EPSS
CVE
CVE
added 2017/04/10 2:0 p.m.95 views

CVE-2017-7617

CVE-2017-7617 affects Asterisk Open Source 13.x before 13.14.1 and 14.x before 14.3.1, and Certified Asterisk 13.13 before 13.13-cert3. The issue is a buffer overflow in the CDR user field (in Party A context for the CDR and related to X-ClientCode in chan_sip), enabling remote code execution. Im...

8.8CVSS8.9AI score0.06243EPSS
CVE
CVE
added 2017/11/09 12:0 a.m.94 views

CVE-2017-16671

CVE-2017-16671 affects Asterisk Open Source 13.x (<13.18.1), 14.x (<14.7.1), 15.x (<15.1.1) and Certified Asterisk 13.13 (=13.23.1, and FreeBSD/FreeBSD-based advisories mirror the fix trajectory. If exploiting, an attacker could trigger overflow via crafted CDR updates. No exploitation s...

8.8CVSS8.5AI score0.03344EPSS
CVE
CVE
added 2014/11/26 3:0 p.m.91 views

CVE-2014-6610

CVE-2014-6610 affects Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1, and Certified Asterisk 11.6 before 11.6-cert6, when using the res_fax_spandsp module. A remote authenticated user can crash the system via an out-of-call message, caused by improper handling in the ReceiveFax d...

4CVSS3.7AI score0.01518EPSS
CVE
CVE
added 2016/12/12 9:0 p.m.89 views

CVE-2016-9938

CVE-2016-9938 affects Asterisk Open Source chan_sip: improper stripping of non‑printable ASCII whitespace between SIP header name and a colon allows certain To/header combinations to bypass authentication when used with an authenticating SIP proxy. Affected: 11.x < 11.25.1, 13.x < 13.13.1, ...

5.3CVSS5.3AI score0.03429EPSS
CVE
CVE
added 2017/12/13 8:0 p.m.88 views

CVE-2017-17664

CVE-2017-17664 affects Asterisk Open Source: 13.x before 13.18.4, 14.x before 14.7.4, 15.x before 15.1.4, and Certified Asterisk before 13.13-cert9. Certain compound RTCP packets trigger a crash in the RTCP stack, resulting in a remote crash/DoS condition. The connected sources indicate upstream ...

5.9CVSS5.9AI score0.32431EPSS
CVE
CVE
added 2013/01/04 3:0 p.m.86 views

CVE-2012-5977

CVE-2012-5977 affects Asterisk Open Source 1.8.x <1.8.19.1, 10.x <10.11.1, 11.x <11.1.2 and Certified Asterisk 1.8.11<1.8.11-cert10, plus Asterisk Digiumphones 10.x=1.8.19.1, 10.x >=10.11.1, or 11.x >=11.1.2 (as applicable). Exploitation details or in-the-wild status are not pro...

4.3CVSS6.4AI score0.02106EPSS
CVE
CVE
added 2014/04/18 7:0 p.m.83 views

CVE-2014-2286

CVE-2014-2286 affects Asterisk Open Source by vulnerable main/http.c in 1.8.x <1.8.26.1, 11.8.x <11.8.1, and 12.1.x <12.1.1 (and Certified Asterisk

7.5CVSS7.6AI score0.1639EPSS
CVE
CVE
added 2014/11/24 3:0 p.m.83 views

CVE-2014-8412

CVE-2014-8412 affects Asterisk Open Source and Certified Asterisk: 1.8.x (before 1.8.32.1), 11.x (before 11.14.1), 12.x (before 12.7.1), 13.x (before 13.0.1); Certified Asterisk 1.8.28 (before 1.8.28-cert3) and 11.6 (before 11.6-cert8). The vulnerability is a bypass of ACL restrictions in the VoI...

5CVSS6.4AI score0.02732EPSS
CVE
CVE
added 2016/02/22 3:5 p.m.82 views

CVE-2016-2232

CVE-2016-2232 affects Asterisk Open Source: vulnerable are Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1, and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3. The issue is a denial of service caused by an uninitialized pointer derefer...

6.5CVSS6.2AI score0.05079EPSS
CVE
CVE
added 2012/06/02 3:0 p.m.81 views

CVE-2012-2947

CVE-2012-2947 affects the IAX2 channel driver in Asterisk: when mohinterpret is enabled, a remote attacker placing a call on hold can crash the daemon (DoS). Affected: Certified Asterisk 1.8.11-cert before 1.8.11-cert2; Asterisk Open Source 1.8.x before 1.8.12.1; Asterisk 10.x before 10.4.1. Root...

2.6CVSS6.3AI score0.02333EPSS
CVE
CVE
added 2012/07/09 10:0 p.m.78 views

CVE-2012-3812

CVE-2012-3812 is a double-free vulnerability in Asterisk voicemail handling that can be abused by remote authenticated users to crash the daemon when accessing both Urgent and INBOX mailboxes. Affected products and versions: Asterisk Open Source 1.8.x prior to 1.8.13.1; Asterisk Open Source 10.x ...

4CVSS6.1AI score0.03197EPSS
CVE
CVE
added 2014/12/12 3:0 p.m.78 views

CVE-2014-9374

CVE-2014-9374: A double free vulnerability in Asterisk’s WebSocket Server (res_http_websocket) can crash remote servers by processing a zero-length frame after a non-zero-length frame. Affected: Asterisk Open Source 11.x before 11.14.2, 12.x before 12.7.2, 13.x before 13.0.2, and Certified Asteri...

5CVSS6.5AI score0.09525EPSS
CVE
CVE
added 2014/06/17 2:0 p.m.76 views

CVE-2014-4046

CVE-2014-4046 affects Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1, plus Certified Asterisk 11.6 before 11.6-cert3, allowing remote authenticated Manager users to execute arbitrary shell commands via a MixMonitor action. Public advisories (Debian DLA-455-1, Mageia MGASA-2014-03...

6.5CVSS7.1AI score0.05679EPSS
CVE
CVE
added 2014/11/24 3:0 p.m.75 views

CVE-2014-8417

CVE-2014-8417 affects Asterisk’s ConfBridge: remote authenticated users can escalate privileges via the external protocol to the CONFBRIDGE dialplan function or run arbitrary commands via a crafted ConfbridgeStartRecord AMI action. Affected: Asterisk 11.x pre-11.14.1, 12.x pre-12.7.1, 13.x pre-13...

6.5CVSS7.2AI score0.02357EPSS
CVE
CVE
added 2012/07/09 10:0 a.m.74 views

CVE-2012-3863

CVE-2012-3863 affects Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2 (also in various packaged releases such as Certified Asterisk and Digiumphones) due to improper handling of a provisional SIP reINVITE response in channels/chan_sip.c. This can allow remote authenticated users...

4CVSS6.1AI score0.03197EPSS
CVE
CVE
added 2012/08/31 2:0 p.m.69 views

CVE-2012-4737

CVE-2012-4737 affects Asterisk Open Source 1.8.x prior to 1.8.15.1 and 10.x prior to 10.7.1 (also affected Certified Asterisk 1.8.11 before 1.8.11-cert7, Asterisk Digiumphones 10.x, and Asterisk Business Edition C.3.x before C.3.7.6). The vulnerability arises because ACL rules are not enforced du...

6CVSS6.1AI score0.0149EPSS
CVE
CVE
added 2014/11/24 3:0 p.m.68 views

CVE-2014-8414

CVE-2014-8414 affects Asterisk 11.x (before 11.14.1) and Certified Asterisk 11.6 (before 11.6-cert8). The issue arises in ConfBridge where state changes are not handled correctly, allowing remote attackers to trigger a denial of service by delaying state transitions, causing the channel to hang a...

5CVSS6.5AI score0.02342EPSS
CVE
CVE
added 2017/06/02 2:0 p.m.67 views

CVE-2017-9372

The CVE-2017-9372 entry affects PJSIP/PJProject used in Asterisk Open Source (13.x before 13.15.1, 14.x before 14.4.1) and Certified Asterisk (13.13 before 13.13-cert4). The issue allows remote attackers to cause a denial of service (buffer overflow and application crash) via a SIP packet with a ...

7.5CVSS7.2AI score0.03989EPSS
Total number of security vulnerabilities51