Certified Asterisk@16.8 Security Vulnerabilities and Issues — Certified Asterisk@16.8 CVE List

Lucene search

DigiumCertified Asterisk16.8

7 matches found

CVE•added 2021/07/30 2:15 p.m.•221 views

CVE-2021-32558

An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and Certified Asterisk before 16.8-cert10. If the IAX2 channel driver receives a packet that contains an unsupported media format, a crash can occur.

7.5CVSS7.2AI score0.01214EPSS

CVE•added 2022/04/15 5:15 a.m.•150 views

CVE-2022-26651

An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The func_odbc module provides possibly inadequate escaping functionality for backslash characters in SQL queries, resulting in user-provided data creating a broken SQL query or possibly a SQL injection. Thi...

9.8CVSS9.7AI score0.00159EPSS

CVE•added 2021/02/19 8:15 p.m.•127 views

CVE-2021-26713

A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6 allows an authenticated WebRTC client to cause an Asterisk crash by sending multiple hold/unhold requests in quick succession. ...

6.5CVSS6.4AI score0.00164EPSS

CVE•added 2021/02/18 8:15 p.m.•122 views

CVE-2021-26906

An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through 16.8-cert5. An SDP negotiation vulnerability in PJSIP allows a remote server to potentially crash Ast...

5.9CVSS5.5AI score0.00506EPSS

CVE•added 2021/02/18 9:15 p.m.•112 views

CVE-2021-26712

Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated attacker to prematurely terminate secure calls by replaying SRTP packets.

7.5CVSS7.4AI score0.01654EPSS

CVE•added 2021/02/18 8:15 p.m.•97 views

CVE-2021-26717

An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6. When re-negotiating for T.38, if the initial remote response was delayed just enough, Asterisk would send both audio and T.38 in the SDP. If this hap...

7.5CVSS7.4AI score0.0044EPSS

CVE•added 2020/11/06 7:15 p.m.•96 views

CVE-2020-28327

A res_pjsip_session crash was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1. and Certified Asterisk before 16.8-cert5. Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced. This cau...

5.3CVSS5.3AI score0.02764EPSS