Package Instance

reference_id

dsa-5358

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:23:22Z/

url

https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html

reference_url	https://security.gentoo.org/glsa/202412-03
reference_id	GLSA-202412-03
reference_type
scores
url	https://security.gentoo.org/glsa/202412-03

reference_url

reference_id

msg00029.html

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:23:22Z/

url

https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html

fixed_packages

url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-19pf-yqxu-4ua8

vulnerability	VCID-6uaq-9f5x-pyff

vulnerability	VCID-b4uk-43sc-fbch

vulnerability	VCID-csms-stcf-dkf4

vulnerability	VCID-g5a4-b3bm-2ucb

vulnerability	VCID-h8bb-7n23-cfak

vulnerability	VCID-k99k-99mz-8uc5

vulnerability	VCID-mks4-6gne-xker

vulnerability	VCID-mspu-bd2w-7qdw

vulnerability	VCID-r429-bk4p-g3er

vulnerability	VCID-rbr5-7fna-q3f6

vulnerability	VCID-u654-2myp-67e8

vulnerability	VCID-vvt7-cetm-4ydt

vulnerability	VCID-xtjr-uufd-wqc8

vulnerability	VCID-xx9n-5x9g-9fdd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3

aliases CVE-2022-42706

risk_score 2.2

exploitability 0.5

weighted_severity 4.4

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-26cq-wj3k-fqb9

url VCID-285z-mgz1-q7cd

vulnerability_id VCID-285z-mgz1-q7cd

summary PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Buffer overread is possible when parsing a specially crafted STUN message with unknown attribute. The vulnerability affects applications that uses STUN including PJNATH and PJSUA-LIB. The patch is available as a commit in the master branch (2.13.1).

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-23537

reference_id

reference_type

scores

value	0.00422
scoring_system	epss
scoring_elements	0.62481
published_at	2026-06-11T12:55:00Z

value	0.00422
scoring_system	epss
scoring_elements	0.62595
published_at	2026-06-13T12:55:00Z

value	0.00422
scoring_system	epss
scoring_elements	0.62582
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-23537

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032092
reference_id	1032092
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032092

reference_url

https://github.com/pjsip/pjproject/commit/d8440f4d711a654b511f50f79c0445b26f9dd1e1

reference_id

d8440f4d711a654b511f50f79c0445b26f9dd1e1

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:52:00Z/

url

https://github.com/pjsip/pjproject/commit/d8440f4d711a654b511f50f79c0445b26f9dd1e1

reference_url

https://github.com/pjsip/pjproject/security/advisories/GHSA-9pfh-r8x4-w26w

reference_id

GHSA-9pfh-r8x4-w26w

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:52:00Z/

url

https://github.com/pjsip/pjproject/security/advisories/GHSA-9pfh-r8x4-w26w

reference_url

https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html

reference_id

msg00038.html

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:52:00Z/

url

https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html

reference_url	https://usn.ubuntu.com/6422-1/
reference_id	USN-6422-1
reference_type
scores
url	https://usn.ubuntu.com/6422-1/

fixed_packages

url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-19pf-yqxu-4ua8

vulnerability	VCID-6uaq-9f5x-pyff

vulnerability	VCID-b4uk-43sc-fbch

vulnerability	VCID-csms-stcf-dkf4

vulnerability	VCID-g5a4-b3bm-2ucb

vulnerability	VCID-h8bb-7n23-cfak

vulnerability	VCID-k99k-99mz-8uc5

vulnerability	VCID-mks4-6gne-xker

vulnerability	VCID-mspu-bd2w-7qdw

vulnerability	VCID-r429-bk4p-g3er

vulnerability	VCID-rbr5-7fna-q3f6

vulnerability	VCID-u654-2myp-67e8

vulnerability	VCID-vvt7-cetm-4ydt

vulnerability	VCID-xtjr-uufd-wqc8

vulnerability	VCID-xx9n-5x9g-9fdd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3

aliases CVE-2022-23537

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-285z-mgz1-q7cd

url VCID-3azv-xr5c-ckcf

vulnerability_id VCID-3azv-xr5c-ckcf

summary Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-43845

reference_id

reference_type

scores

value	0.00285
scoring_system	epss
scoring_elements	0.52366
published_at	2026-06-11T12:55:00Z

value	0.00285
scoring_system	epss
scoring_elements	0.52494
published_at	2026-06-12T12:55:00Z

value	0.00285
scoring_system	epss
scoring_elements	0.52507
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-43845

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998
reference_id	1014998
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998

reference_url	https://usn.ubuntu.com/6422-1/
reference_id	USN-6422-1
reference_type
scores
url	https://usn.ubuntu.com/6422-1/

fixed_packages

url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-19pf-yqxu-4ua8

vulnerability	VCID-6uaq-9f5x-pyff

vulnerability	VCID-b4uk-43sc-fbch

vulnerability	VCID-csms-stcf-dkf4

vulnerability	VCID-g5a4-b3bm-2ucb

vulnerability	VCID-h8bb-7n23-cfak

vulnerability	VCID-k99k-99mz-8uc5

vulnerability	VCID-mks4-6gne-xker

vulnerability	VCID-mspu-bd2w-7qdw

vulnerability	VCID-r429-bk4p-g3er

vulnerability	VCID-rbr5-7fna-q3f6

vulnerability	VCID-u654-2myp-67e8

vulnerability	VCID-vvt7-cetm-4ydt

vulnerability	VCID-xtjr-uufd-wqc8

vulnerability	VCID-xx9n-5x9g-9fdd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3

aliases CVE-2021-43845

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3azv-xr5c-ckcf

url VCID-41pk-9azt-hqdx

vulnerability_id VCID-41pk-9azt-hqdx

summary Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-43804

reference_id

reference_type

scores

value	0.003
scoring_system	epss
scoring_elements	0.53748
published_at	2026-06-11T12:55:00Z

value	0.003
scoring_system	epss
scoring_elements	0.53874
published_at	2026-06-12T12:55:00Z

value	0.003
scoring_system	epss
scoring_elements	0.53891
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-43804

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998
reference_id	1014998
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998

reference_url	https://usn.ubuntu.com/6422-1/
reference_id	USN-6422-1
reference_type
scores
url	https://usn.ubuntu.com/6422-1/

fixed_packages

url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-19pf-yqxu-4ua8

vulnerability	VCID-6uaq-9f5x-pyff

vulnerability	VCID-b4uk-43sc-fbch

vulnerability	VCID-csms-stcf-dkf4

vulnerability	VCID-g5a4-b3bm-2ucb

vulnerability	VCID-h8bb-7n23-cfak

vulnerability	VCID-k99k-99mz-8uc5

vulnerability	VCID-mks4-6gne-xker

vulnerability	VCID-mspu-bd2w-7qdw

vulnerability	VCID-r429-bk4p-g3er

vulnerability	VCID-rbr5-7fna-q3f6

vulnerability	VCID-u654-2myp-67e8

vulnerability	VCID-vvt7-cetm-4ydt

vulnerability	VCID-xtjr-uufd-wqc8

vulnerability	VCID-xx9n-5x9g-9fdd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3

aliases CVE-2021-43804

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-41pk-9azt-hqdx

url VCID-4ty4-xrdd-2kee

vulnerability_id VCID-4ty4-xrdd-2kee

summary Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-39269

reference_id

reference_type

scores

value	0.0017
scoring_system	epss
scoring_elements	0.37981
published_at	2026-06-11T12:55:00Z

value	0.0017
scoring_system	epss
scoring_elements	0.38157
published_at	2026-06-12T12:55:00Z

value	0.0017
scoring_system	epss
scoring_elements	0.38183
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-39269

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032092
reference_id	1032092
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032092

fixed_packages

url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-19pf-yqxu-4ua8

vulnerability	VCID-6uaq-9f5x-pyff

vulnerability	VCID-b4uk-43sc-fbch

vulnerability	VCID-csms-stcf-dkf4

vulnerability	VCID-g5a4-b3bm-2ucb

vulnerability	VCID-h8bb-7n23-cfak

vulnerability	VCID-k99k-99mz-8uc5

vulnerability	VCID-mks4-6gne-xker

vulnerability	VCID-mspu-bd2w-7qdw

vulnerability	VCID-r429-bk4p-g3er

vulnerability	VCID-rbr5-7fna-q3f6

vulnerability	VCID-u654-2myp-67e8

vulnerability	VCID-vvt7-cetm-4ydt

vulnerability	VCID-xtjr-uufd-wqc8

vulnerability	VCID-xx9n-5x9g-9fdd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3

aliases CVE-2022-39269

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4ty4-xrdd-2kee

url VCID-546z-qwur-13h1

vulnerability_id VCID-546z-qwur-13h1

summary PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.12 and prior affects applications that use PJSIP DNS resolution. It doesn't affect PJSIP users who utilize an external resolver. This vulnerability is related to CVE-2023-27585. The difference is that this issue is in parsing the query record `parse_rr()`, while the issue in CVE-2023-27585 is in `parse_query()`. A patch is available in the `master` branch of the `pjsip/pjproject` GitHub repository. A workaround is to disable DNS resolution in PJSIP config (by setting `nameserver_count` to zero) or use an external resolver instead.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-24793

reference_id

reference_type

scores

value	0.00472
scoring_system	epss
scoring_elements	0.65229
published_at	2026-06-13T12:55:00Z

value	0.00472
scoring_system	epss
scoring_elements	0.65218
published_at	2026-06-12T12:55:00Z

value	0.00472
scoring_system	epss
scoring_elements	0.65118
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-24793

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014976
reference_id	1014976
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014976

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998
reference_id	1014998
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998

reference_url

reference_id

202210-37

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:00Z/

url

https://github.com/pjsip/pjproject/commit/9fae8f43accef8ea65d4a8ae9cdf297c46cfe29a

reference_url

reference_id

9fae8f43accef8ea65d4a8ae9cdf297c46cfe29a

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:00Z/

url

https://github.com/pjsip/pjproject/commit/9fae8f43accef8ea65d4a8ae9cdf297c46cfe29a

reference_url

reference_id

dsa-5285

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:00Z/

url

https://github.com/pjsip/pjproject/security/advisories/GHSA-p6g5-v97c-w5q4

reference_url

reference_id

GHSA-p6g5-v97c-w5q4

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:00Z/

url

https://github.com/pjsip/pjproject/security/advisories/GHSA-p6g5-v97c-w5q4

reference_url

https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html

reference_id

msg00021.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:00Z/

url

https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html

reference_url

https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html

reference_id

msg00038.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:00Z/

url

https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html

reference_url

https://lists.debian.org/debian-lts-announce/2022/05/msg00047.html

reference_id

msg00047.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:00Z/

url

https://lists.debian.org/debian-lts-announce/2022/05/msg00047.html

reference_url	https://usn.ubuntu.com/6422-1/
reference_id	USN-6422-1
reference_type
scores
url	https://usn.ubuntu.com/6422-1/

fixed_packages

url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-19pf-yqxu-4ua8

vulnerability	VCID-6uaq-9f5x-pyff

vulnerability	VCID-b4uk-43sc-fbch

vulnerability	VCID-csms-stcf-dkf4

vulnerability	VCID-g5a4-b3bm-2ucb

vulnerability	VCID-h8bb-7n23-cfak

vulnerability	VCID-k99k-99mz-8uc5

vulnerability	VCID-mks4-6gne-xker

vulnerability	VCID-mspu-bd2w-7qdw

vulnerability	VCID-r429-bk4p-g3er

vulnerability	VCID-rbr5-7fna-q3f6

vulnerability	VCID-u654-2myp-67e8

vulnerability	VCID-vvt7-cetm-4ydt

vulnerability	VCID-xtjr-uufd-wqc8

vulnerability	VCID-xx9n-5x9g-9fdd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3

aliases CVE-2022-24793

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-546z-qwur-13h1

url VCID-591f-657m-77d7

vulnerability_id VCID-591f-657m-77d7

summary res_pjsip_t38 in Sangoma Asterisk 15.x before 15.7.4 and 16.x before 16.5.1 allows an attacker to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk. The crash occurs because of a NULL session media object dereference.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-15297

reference_id

reference_type

scores

value	0.02861
scoring_system	epss
scoring_elements	0.86566
published_at	2026-06-11T12:55:00Z

value	0.02861
scoring_system	epss
scoring_elements	0.86616
published_at	2026-06-12T12:55:00Z

value	0.02861
scoring_system	epss
scoring_elements	0.86626
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-15297

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15297
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15297

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940060
reference_id	940060
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940060

fixed_packages

url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-19pf-yqxu-4ua8

vulnerability	VCID-6uaq-9f5x-pyff

vulnerability	VCID-b4uk-43sc-fbch

vulnerability	VCID-csms-stcf-dkf4

vulnerability	VCID-g5a4-b3bm-2ucb

vulnerability	VCID-h8bb-7n23-cfak

vulnerability	VCID-k99k-99mz-8uc5

vulnerability	VCID-mks4-6gne-xker

vulnerability	VCID-mspu-bd2w-7qdw

vulnerability	VCID-r429-bk4p-g3er

vulnerability	VCID-rbr5-7fna-q3f6

vulnerability	VCID-u654-2myp-67e8

vulnerability	VCID-vvt7-cetm-4ydt

vulnerability	VCID-xtjr-uufd-wqc8

vulnerability	VCID-xx9n-5x9g-9fdd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3

aliases CVE-2019-15297

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-591f-657m-77d7

url VCID-5sjg-t3ja-57be

vulnerability_id VCID-5sjg-t3ja-57be

summary Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-26498

reference_id

reference_type

scores

value	0.01011
scoring_system	epss
scoring_elements	0.7754
published_at	2026-06-11T12:55:00Z

value	0.01011
scoring_system	epss
scoring_elements	0.77609
published_at	2026-06-12T12:55:00Z

value	0.01011
scoring_system	epss
scoring_elements	0.77623
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-26498

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651

reference_url	https://security.gentoo.org/glsa/202412-03
reference_id	GLSA-202412-03
reference_type
scores
url	https://security.gentoo.org/glsa/202412-03

fixed_packages

url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-19pf-yqxu-4ua8

vulnerability	VCID-6uaq-9f5x-pyff

vulnerability	VCID-b4uk-43sc-fbch

vulnerability	VCID-csms-stcf-dkf4

vulnerability	VCID-g5a4-b3bm-2ucb

vulnerability	VCID-h8bb-7n23-cfak

vulnerability	VCID-k99k-99mz-8uc5

vulnerability	VCID-mks4-6gne-xker

vulnerability	VCID-mspu-bd2w-7qdw

vulnerability	VCID-r429-bk4p-g3er

vulnerability	VCID-rbr5-7fna-q3f6

vulnerability	VCID-u654-2myp-67e8

vulnerability	VCID-vvt7-cetm-4ydt

vulnerability	VCID-xtjr-uufd-wqc8

vulnerability	VCID-xx9n-5x9g-9fdd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3

aliases CVE-2022-26498

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5sjg-t3ja-57be

url VCID-62p4-jvnj-8kfc

vulnerability_id VCID-62p4-jvnj-8kfc

summary An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x before 13.29.2, 16.x before 16.6.2, and 17.x before 17.0.1, and Certified Asterisk 13.21 before cert5. A SIP request can be sent to Asterisk that can change a SIP peer's IP address. A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that needs to be known is the peer's name; authentication details such as passwords do not need to be known. This vulnerability is only exploitable when the nat option is set to the default, or auto_force_rport.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-18790

reference_id

reference_type

scores

value	0.07372
scoring_system	epss
scoring_elements	0.91905
published_at	2026-06-11T12:55:00Z

value	0.07372
scoring_system	epss
scoring_elements	0.91932
published_at	2026-06-12T12:55:00Z

value	0.07372
scoring_system	epss
scoring_elements	0.9194
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-18790

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18790
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18790

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947381
reference_id	947381
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947381

fixed_packages

url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-19pf-yqxu-4ua8

vulnerability	VCID-6uaq-9f5x-pyff

vulnerability	VCID-b4uk-43sc-fbch

vulnerability	VCID-csms-stcf-dkf4

vulnerability	VCID-g5a4-b3bm-2ucb

vulnerability	VCID-h8bb-7n23-cfak

vulnerability	VCID-k99k-99mz-8uc5

vulnerability	VCID-mks4-6gne-xker

vulnerability	VCID-mspu-bd2w-7qdw

vulnerability	VCID-r429-bk4p-g3er

vulnerability	VCID-rbr5-7fna-q3f6

vulnerability	VCID-u654-2myp-67e8

vulnerability	VCID-vvt7-cetm-4ydt

vulnerability	VCID-xtjr-uufd-wqc8

vulnerability	VCID-xx9n-5x9g-9fdd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3

aliases CVE-2019-18790

risk_score 0.1

exploitability 0.5

weighted_severity 0.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-62p4-jvnj-8kfc

url VCID-6443-b986-kfb6

vulnerability_id VCID-6443-b986-kfb6

summary PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions 2.11.1 and prior, parsing an incoming SIP message that contains a malformed multipart can potentially cause out-of-bound read access. This issue affects all PJSIP users that accept SIP multipart. The patch is available as commit in the `master` branch. There are no known workarounds.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-21723

reference_id

reference_type

scores

value	0.00468
scoring_system	epss
scoring_elements	0.6495
published_at	2026-06-11T12:55:00Z

value	0.00468
scoring_system	epss
scoring_elements	0.65061
published_at	2026-06-13T12:55:00Z

value	0.00468
scoring_system	epss
scoring_elements	0.6505
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-21723

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651

reference_url

https://github.com/pjsip/pjproject/commit/077b465c33f0aec05a49cd2ca456f9a1b112e896

reference_id

077b465c33f0aec05a49cd2ca456f9a1b112e896

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:51Z/

url

https://github.com/pjsip/pjproject/commit/077b465c33f0aec05a49cd2ca456f9a1b112e896

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998
reference_id	1014998
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998

reference_url

http://seclists.org/fulldisclosure/2022/Mar/2

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:51Z/

url

http://seclists.org/fulldisclosure/2022/Mar/2

reference_url

reference_id

202210-37

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:51Z/

url

http://packetstormsecurity.com/files/166227/Asterisk-Project-Security-Advisory-AST-2022-006.html

reference_url

reference_id

Asterisk-Project-Security-Advisory-AST-2022-006.html

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:51Z/

url

http://packetstormsecurity.com/files/166227/Asterisk-Project-Security-Advisory-AST-2022-006.html

reference_url

reference_id

dsa-5285

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:51Z/

url

https://github.com/pjsip/pjproject/security/advisories/GHSA-7fw8-54cv-r7pm

reference_url

reference_id

GHSA-7fw8-54cv-r7pm

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:51Z/

url

https://github.com/pjsip/pjproject/security/advisories/GHSA-7fw8-54cv-r7pm

reference_url

https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html

reference_id

msg00021.html

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:51Z/

url

https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html

reference_url

https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html

reference_id

msg00035.html

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:51Z/

url

https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html

reference_url

https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html

reference_id

msg00038.html

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:51Z/

url

https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html

reference_url	https://usn.ubuntu.com/6422-1/
reference_id	USN-6422-1
reference_type
scores
url	https://usn.ubuntu.com/6422-1/

fixed_packages

url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-19pf-yqxu-4ua8

vulnerability	VCID-6uaq-9f5x-pyff

vulnerability	VCID-b4uk-43sc-fbch

vulnerability	VCID-csms-stcf-dkf4

vulnerability	VCID-g5a4-b3bm-2ucb

vulnerability	VCID-h8bb-7n23-cfak

vulnerability	VCID-k99k-99mz-8uc5

vulnerability	VCID-mks4-6gne-xker

vulnerability	VCID-mspu-bd2w-7qdw

vulnerability	VCID-r429-bk4p-g3er

vulnerability	VCID-rbr5-7fna-q3f6

vulnerability	VCID-u654-2myp-67e8

vulnerability	VCID-vvt7-cetm-4ydt

vulnerability	VCID-xtjr-uufd-wqc8

vulnerability	VCID-xx9n-5x9g-9fdd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3

aliases CVE-2022-21723

risk_score 4.1

exploitability 0.5

weighted_severity 8.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6443-b986-kfb6

url VCID-6be8-mh9n-abhd

vulnerability_id VCID-6be8-mh9n-abhd

summary Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-32558

reference_id

reference_type

scores

value	0.02875
scoring_system	epss
scoring_elements	0.86593
published_at	2026-06-11T12:55:00Z

value	0.02875
scoring_system	epss
scoring_elements	0.86642
published_at	2026-06-12T12:55:00Z

value	0.02875
scoring_system	epss
scoring_elements	0.86652
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-32558

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32558
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32558

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32686
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32686

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991710
reference_id	991710
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991710

reference_url	https://security.gentoo.org/glsa/202412-03
reference_id	GLSA-202412-03
reference_type
scores
url	https://security.gentoo.org/glsa/202412-03

fixed_packages

url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-19pf-yqxu-4ua8

vulnerability	VCID-6uaq-9f5x-pyff

vulnerability	VCID-b4uk-43sc-fbch

vulnerability	VCID-csms-stcf-dkf4

vulnerability	VCID-g5a4-b3bm-2ucb

vulnerability	VCID-h8bb-7n23-cfak

vulnerability	VCID-k99k-99mz-8uc5

vulnerability	VCID-mks4-6gne-xker

vulnerability	VCID-mspu-bd2w-7qdw

vulnerability	VCID-r429-bk4p-g3er

vulnerability	VCID-rbr5-7fna-q3f6

vulnerability	VCID-u654-2myp-67e8

vulnerability	VCID-vvt7-cetm-4ydt

vulnerability	VCID-xtjr-uufd-wqc8

vulnerability	VCID-xx9n-5x9g-9fdd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3

aliases CVE-2021-32558

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6be8-mh9n-abhd

url VCID-6uaq-9f5x-pyff

vulnerability_id VCID-6uaq-9f5x-pyff

summary Asterisk is an open source private branch exchange (PBX) and telephony toolkit. Prior to asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2, an AMI user with `write=originate` may change all configuration files in the `/etc/asterisk/` directory. This occurs because they are able to curl remote files and write them to disk, but are also able to append to existing files using the `FILE` function inside the `SET` application. This issue may result in privilege escalation, remote code execution and/or blind server-side request forgery with arbitrary protocol. Asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2 contain a fix for this issue.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-42365

reference_id

reference_type

scores

value	0.3195
scoring_system	epss
scoring_elements	0.96939
published_at	2026-06-12T12:55:00Z

value	0.3195
scoring_system	epss
scoring_elements	0.96942
published_at	2026-06-13T12:55:00Z

value	0.3195
scoring_system	epss
scoring_elements	0.96929
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-42365

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42365
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42365

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078574
reference_id	1078574
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078574

reference_url

https://github.com/asterisk/asterisk/commit/42a2f4ccfa2c7062a15063e765916b3332e34cc4

reference_id

42a2f4ccfa2c7062a15063e765916b3332e34cc4

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T16:38:45Z/

url

https://github.com/asterisk/asterisk/commit/42a2f4ccfa2c7062a15063e765916b3332e34cc4

reference_url

https://github.com/asterisk/asterisk/commit/7a0090325bfa9d778a39ae5f7d0a98109e4651c8

reference_id

7a0090325bfa9d778a39ae5f7d0a98109e4651c8

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T16:38:45Z/

url

https://github.com/asterisk/asterisk/commit/7a0090325bfa9d778a39ae5f7d0a98109e4651c8

reference_url

https://github.com/asterisk/asterisk/commit/b4063bf756272254b160b6d1bd6e9a3f8e16cc71

reference_id

b4063bf756272254b160b6d1bd6e9a3f8e16cc71

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T16:38:45Z/

url

https://github.com/asterisk/asterisk/commit/b4063bf756272254b160b6d1bd6e9a3f8e16cc71

reference_url

https://github.com/asterisk/asterisk/commit/bbe68db10ab8a80c29db383e4dfe14f6eafaf993

reference_id

bbe68db10ab8a80c29db383e4dfe14f6eafaf993

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T16:38:45Z/

url

https://github.com/asterisk/asterisk/commit/bbe68db10ab8a80c29db383e4dfe14f6eafaf993

reference_url

https://github.com/asterisk/asterisk/commit/faddd99f2b9408b524e5eb8a01589fe1fa282df2

reference_id

faddd99f2b9408b524e5eb8a01589fe1fa282df2

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T16:38:45Z/

url

https://github.com/asterisk/asterisk/commit/faddd99f2b9408b524e5eb8a01589fe1fa282df2

reference_url

https://github.com/asterisk/asterisk/security/advisories/GHSA-c4cg-9275-6w44

reference_id

GHSA-c4cg-9275-6w44

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T16:38:45Z/

url

https://github.com/asterisk/asterisk/security/advisories/GHSA-c4cg-9275-6w44

reference_url

https://github.com/asterisk/asterisk/blob/14367caaf7241df1eceea7c45c5b261989c2c6db/main/manager.c#L6426

reference_id

manager.c#L6426

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T16:38:45Z/

url

https://github.com/asterisk/asterisk/blob/14367caaf7241df1eceea7c45c5b261989c2c6db/main/manager.c#L6426

reference_url

https://github.com/asterisk/asterisk/blob/7d28165cb1b2d02d66e8693bd3fe23ee72fc55d8/main/manager.c#L6426

reference_id

manager.c#L6426

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T16:38:45Z/

url

https://github.com/asterisk/asterisk/blob/7d28165cb1b2d02d66e8693bd3fe23ee72fc55d8/main/manager.c#L6426

fixed_packages

url	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1
purl	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1

aliases CVE-2024-42365

risk_score 10.0

exploitability 2.0

weighted_severity 6.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6uaq-9f5x-pyff

url VCID-7ah9-w27g-ckg6

vulnerability_id VCID-7ah9-w27g-ckg6

summary An issue was discovered in res_pjsip_diversion.c in Sangoma Asterisk before 13.38.0, 14.x through 16.x before 16.15.0, 17.x before 17.9.0, and 18.x before 18.1.0. A crash can occur when a SIP message is received with a History-Info header that contains a tel-uri, or when a SIP 181 response is received that contains a tel-uri in the Diversion header.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-35652

reference_id

reference_type

scores

value	0.0016
scoring_system	epss
scoring_elements	0.36692
published_at	2026-06-11T12:55:00Z

value	0.0016
scoring_system	epss
scoring_elements	0.36871
published_at	2026-06-12T12:55:00Z

value	0.0016
scoring_system	epss
scoring_elements	0.36899
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-35652

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35652
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35652

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979372
reference_id	979372
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979372

fixed_packages

url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-19pf-yqxu-4ua8

vulnerability	VCID-6uaq-9f5x-pyff

vulnerability	VCID-b4uk-43sc-fbch

vulnerability	VCID-csms-stcf-dkf4

vulnerability	VCID-g5a4-b3bm-2ucb

vulnerability	VCID-h8bb-7n23-cfak

vulnerability	VCID-k99k-99mz-8uc5

vulnerability	VCID-mks4-6gne-xker

vulnerability	VCID-mspu-bd2w-7qdw

vulnerability	VCID-r429-bk4p-g3er

vulnerability	VCID-rbr5-7fna-q3f6

vulnerability	VCID-u654-2myp-67e8

vulnerability	VCID-vvt7-cetm-4ydt

vulnerability	VCID-xtjr-uufd-wqc8

vulnerability	VCID-xx9n-5x9g-9fdd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3

aliases CVE-2020-35652

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7ah9-w27g-ckg6

url VCID-82hr-cs3x-fqg9

vulnerability_id VCID-82hr-cs3x-fqg9

summary security update

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-43302

reference_id

reference_type

scores

value	0.00321
scoring_system	epss
scoring_elements	0.55522
published_at	2026-06-11T12:55:00Z

value	0.00321
scoring_system	epss
scoring_elements	0.55642
published_at	2026-06-12T12:55:00Z

value	0.00321
scoring_system	epss
scoring_elements	0.55656
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-43302

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998
reference_id	1014998
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998

reference_url	https://usn.ubuntu.com/6422-1/
reference_id	USN-6422-1
reference_type
scores
url	https://usn.ubuntu.com/6422-1/

reference_url	https://usn.ubuntu.com/8122-1/
reference_id	USN-8122-1
reference_type
scores
url	https://usn.ubuntu.com/8122-1/

fixed_packages

url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-19pf-yqxu-4ua8

vulnerability	VCID-6uaq-9f5x-pyff

vulnerability	VCID-b4uk-43sc-fbch

vulnerability	VCID-csms-stcf-dkf4

vulnerability	VCID-g5a4-b3bm-2ucb

vulnerability	VCID-h8bb-7n23-cfak

vulnerability	VCID-k99k-99mz-8uc5

vulnerability	VCID-mks4-6gne-xker

vulnerability	VCID-mspu-bd2w-7qdw

vulnerability	VCID-r429-bk4p-g3er

vulnerability	VCID-rbr5-7fna-q3f6

vulnerability	VCID-u654-2myp-67e8

vulnerability	VCID-vvt7-cetm-4ydt

vulnerability	VCID-xtjr-uufd-wqc8

vulnerability	VCID-xx9n-5x9g-9fdd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3

aliases CVE-2021-43302

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-82hr-cs3x-fqg9

url VCID-966j-625d-6fa9

vulnerability_id VCID-966j-625d-6fa9

summary An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x through 15.7.2, and 16.x through 16.4.0, and Certified Asterisk through 13.21-cert3. A pointer dereference in chan_sip while handling SDP negotiation allows an attacker to crash Asterisk when handling an SDP answer to an outgoing T.38 re-invite. To exploit this vulnerability an attacker must cause the chan_sip module to send a T.38 re-invite request to them. Upon receipt, the attacker must send an SDP answer containing both a T.38 UDPTL stream and another media stream containing only a codec (which is not permitted according to the chan_sip configuration).

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-13161

reference_id

reference_type

scores

value	0.02222
scoring_system	epss
scoring_elements	0.84914
published_at	2026-06-12T12:55:00Z

value	0.02222
scoring_system	epss
scoring_elements	0.84922
published_at	2026-06-13T12:55:00Z

value	0.02307
scoring_system	epss
scoring_elements	0.85105
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-13161

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13161
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13161

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931981
reference_id	931981
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931981

fixed_packages

url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-19pf-yqxu-4ua8

vulnerability	VCID-6uaq-9f5x-pyff

vulnerability	VCID-b4uk-43sc-fbch

vulnerability	VCID-csms-stcf-dkf4

vulnerability	VCID-g5a4-b3bm-2ucb

vulnerability	VCID-h8bb-7n23-cfak

vulnerability	VCID-k99k-99mz-8uc5

vulnerability	VCID-mks4-6gne-xker

vulnerability	VCID-mspu-bd2w-7qdw

vulnerability	VCID-r429-bk4p-g3er

vulnerability	VCID-rbr5-7fna-q3f6

vulnerability	VCID-u654-2myp-67e8

vulnerability	VCID-vvt7-cetm-4ydt

vulnerability	VCID-xtjr-uufd-wqc8

vulnerability	VCID-xx9n-5x9g-9fdd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3

aliases CVE-2019-13161

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-966j-625d-6fa9

url VCID-a151-bk88-hfhq

vulnerability_id VCID-a151-bk88-hfhq

summary Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-26499

reference_id

reference_type

scores

value	0.01464
scoring_system	epss
scoring_elements	0.813
published_at	2026-06-11T12:55:00Z

value	0.01464
scoring_system	epss
scoring_elements	0.8136
published_at	2026-06-12T12:55:00Z

value	0.01464
scoring_system	epss
scoring_elements	0.81368
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-26499

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651

reference_url	https://security.gentoo.org/glsa/202412-03
reference_id	GLSA-202412-03
reference_type
scores
url	https://security.gentoo.org/glsa/202412-03

fixed_packages

url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-19pf-yqxu-4ua8

vulnerability	VCID-6uaq-9f5x-pyff

vulnerability	VCID-b4uk-43sc-fbch

vulnerability	VCID-csms-stcf-dkf4

vulnerability	VCID-g5a4-b3bm-2ucb

vulnerability	VCID-h8bb-7n23-cfak

vulnerability	VCID-k99k-99mz-8uc5

vulnerability	VCID-mks4-6gne-xker

vulnerability	VCID-mspu-bd2w-7qdw

vulnerability	VCID-r429-bk4p-g3er

vulnerability	VCID-rbr5-7fna-q3f6

vulnerability	VCID-u654-2myp-67e8

vulnerability	VCID-vvt7-cetm-4ydt

vulnerability	VCID-xtjr-uufd-wqc8

vulnerability	VCID-xx9n-5x9g-9fdd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3

aliases CVE-2022-26499

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a151-bk88-hfhq

url VCID-aas9-5n54-c7cn

vulnerability_id VCID-aas9-5n54-c7cn

summary Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-26717

reference_id

reference_type

scores

value	0.00421
scoring_system	epss
scoring_elements	0.62454
published_at	2026-06-11T12:55:00Z

value	0.00421
scoring_system	epss
scoring_elements	0.62555
published_at	2026-06-12T12:55:00Z

value	0.00421
scoring_system	epss
scoring_elements	0.62567
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-26717

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26717
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26717

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983157
reference_id	983157
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983157

reference_url	https://security.gentoo.org/glsa/202412-03
reference_id	GLSA-202412-03
reference_type
scores
url	https://security.gentoo.org/glsa/202412-03

fixed_packages

url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-19pf-yqxu-4ua8

vulnerability	VCID-6uaq-9f5x-pyff

vulnerability	VCID-b4uk-43sc-fbch

vulnerability	VCID-csms-stcf-dkf4

vulnerability	VCID-g5a4-b3bm-2ucb

vulnerability	VCID-h8bb-7n23-cfak

vulnerability	VCID-k99k-99mz-8uc5

vulnerability	VCID-mks4-6gne-xker

vulnerability	VCID-mspu-bd2w-7qdw

vulnerability	VCID-r429-bk4p-g3er

vulnerability	VCID-rbr5-7fna-q3f6

vulnerability	VCID-u654-2myp-67e8

vulnerability	VCID-vvt7-cetm-4ydt

vulnerability	VCID-xtjr-uufd-wqc8

vulnerability	VCID-xx9n-5x9g-9fdd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3

aliases CVE-2021-26717

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-aas9-5n54-c7cn

url VCID-avkx-5as3-jbar

vulnerability_id VCID-avkx-5as3-jbar

summary PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions up to and including 2.11.1 when in a dialog set (or forking) scenario, a hash key shared by multiple UAC dialogs can potentially be prematurely freed when one of the dialogs is destroyed . The issue may cause a dialog set to be registered in the hash table multiple times (with different hash keys) leading to undefined behavior such as dialog list collision which eventually leading to endless loop. A patch is available in commit db3235953baa56d2fb0e276ca510fefca751643f which will be included in the next release. There are no known workarounds for this issue.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-23608

reference_id

reference_type

scores

value	0.00784
scoring_system	epss
scoring_elements	0.74202
published_at	2026-06-11T12:55:00Z

value	0.00784
scoring_system	epss
scoring_elements	0.74289
published_at	2026-06-13T12:55:00Z

value	0.00784
scoring_system	epss
scoring_elements	0.74277
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-23608

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651

reference_url

http://seclists.org/fulldisclosure/2022/Mar/1

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:53Z/

url

http://seclists.org/fulldisclosure/2022/Mar/1

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998
reference_id	1014998
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998

reference_url

reference_id

202210-37

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:53Z/

url

http://packetstormsecurity.com/files/166226/Asterisk-Project-Security-Advisory-AST-2022-005.html

reference_url

reference_id

Asterisk-Project-Security-Advisory-AST-2022-005.html

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:53Z/

url

http://packetstormsecurity.com/files/166226/Asterisk-Project-Security-Advisory-AST-2022-005.html

reference_url

https://github.com/pjsip/pjproject/commit/db3235953baa56d2fb0e276ca510fefca751643f

reference_id

db3235953baa56d2fb0e276ca510fefca751643f

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:53Z/

url

https://github.com/pjsip/pjproject/commit/db3235953baa56d2fb0e276ca510fefca751643f

reference_url

reference_id

dsa-5285

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:53Z/

url

https://github.com/pjsip/pjproject/security/advisories/GHSA-ffff-m5fm-qm62

reference_url

reference_id

GHSA-ffff-m5fm-qm62

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:53Z/

url

https://github.com/pjsip/pjproject/security/advisories/GHSA-ffff-m5fm-qm62

reference_url

https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html

reference_id

msg00021.html

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:53Z/

url

https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html

reference_url

https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html

reference_id

msg00035.html

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:53Z/

url

https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html

reference_url

https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html

reference_id

msg00038.html

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:53Z/

url

https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html

reference_url

https://lists.debian.org/debian-lts-announce/2022/03/msg00040.html

reference_id

msg00040.html

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:53Z/

url

https://lists.debian.org/debian-lts-announce/2022/03/msg00040.html

reference_url	https://usn.ubuntu.com/6422-1/
reference_id	USN-6422-1
reference_type
scores
url	https://usn.ubuntu.com/6422-1/

fixed_packages

url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-19pf-yqxu-4ua8

vulnerability	VCID-6uaq-9f5x-pyff

vulnerability	VCID-b4uk-43sc-fbch

vulnerability	VCID-csms-stcf-dkf4

vulnerability	VCID-g5a4-b3bm-2ucb

vulnerability	VCID-h8bb-7n23-cfak

vulnerability	VCID-k99k-99mz-8uc5

vulnerability	VCID-mks4-6gne-xker

vulnerability	VCID-mspu-bd2w-7qdw

vulnerability	VCID-r429-bk4p-g3er

vulnerability	VCID-rbr5-7fna-q3f6

vulnerability	VCID-u654-2myp-67e8

vulnerability	VCID-vvt7-cetm-4ydt

vulnerability	VCID-xtjr-uufd-wqc8

vulnerability	VCID-xx9n-5x9g-9fdd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3

aliases CVE-2022-23608

risk_score 3.6

exploitability 0.5

weighted_severity 7.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-avkx-5as3-jbar

url VCID-b4uk-43sc-fbch

vulnerability_id VCID-b4uk-43sc-fbch

summary An issue in the action_listcategories() function of Sangoma Asterisk v22/22.0.0/22.0.0-rc1/22.0.0-rc2/22.0.0-pre1 allows attackers to execute a path traversal.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-53566

reference_id

reference_type

scores

value	0.00068
scoring_system	epss
scoring_elements	0.21119
published_at	2026-06-11T12:55:00Z

value	0.00068
scoring_system	epss
scoring_elements	0.21315
published_at	2026-06-13T12:55:00Z

value	0.00068
scoring_system	epss
scoring_elements	0.21301
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-53566

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53566
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53566

reference_url

https://gist.github.com/hyp164D1/e7c0f44ffb38c00320aa1a6d98bee616

reference_id

e7c0f44ffb38c00320aa1a6d98bee616

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-02T17:37:51Z/

url

https://gist.github.com/hyp164D1/e7c0f44ffb38c00320aa1a6d98bee616

reference_url

https://github.com/asterisk/asterisk/blob/22/main/manager.c#L2556

reference_id

manager.c#L2556

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-02T17:37:51Z/

url

https://github.com/asterisk/asterisk/blob/22/main/manager.c#L2556

fixed_packages

url	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1
purl	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1

aliases CVE-2024-53566

risk_score 2.5

exploitability 0.5

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b4uk-43sc-fbch

url VCID-b6ga-bw58-sbcz

vulnerability_id VCID-b6ga-bw58-sbcz

summary security update

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-46837

reference_id

reference_type

scores

value	0.00134
scoring_system	epss
scoring_elements	0.32551
published_at	2026-06-11T12:55:00Z

value	0.00134
scoring_system	epss
scoring_elements	0.32733
published_at	2026-06-12T12:55:00Z

value	0.00134
scoring_system	epss
scoring_elements	0.32754
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-46837

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018073
reference_id	1018073
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018073

fixed_packages

url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-19pf-yqxu-4ua8

vulnerability	VCID-6uaq-9f5x-pyff

vulnerability	VCID-b4uk-43sc-fbch

vulnerability	VCID-csms-stcf-dkf4

vulnerability	VCID-g5a4-b3bm-2ucb

vulnerability	VCID-h8bb-7n23-cfak

vulnerability	VCID-k99k-99mz-8uc5

vulnerability	VCID-mks4-6gne-xker

vulnerability	VCID-mspu-bd2w-7qdw

vulnerability	VCID-r429-bk4p-g3er

vulnerability	VCID-rbr5-7fna-q3f6

vulnerability	VCID-u654-2myp-67e8

vulnerability	VCID-vvt7-cetm-4ydt

vulnerability	VCID-xtjr-uufd-wqc8

vulnerability	VCID-xx9n-5x9g-9fdd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3

aliases CVE-2021-46837

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b6ga-bw58-sbcz

url VCID-bh6w-tmrd-w7eb

vulnerability_id VCID-bh6w-tmrd-w7eb

summary Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-26651

reference_id

reference_type

scores

value	0.00756
scoring_system	epss
scoring_elements	0.73709
published_at	2026-06-11T12:55:00Z

value	0.00756
scoring_system	epss
scoring_elements	0.73784
published_at	2026-06-12T12:55:00Z

value	0.00756
scoring_system	epss
scoring_elements	0.738
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-26651

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651

reference_url	https://security.gentoo.org/glsa/202412-03
reference_id	GLSA-202412-03
reference_type
scores
url	https://security.gentoo.org/glsa/202412-03

fixed_packages

url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-19pf-yqxu-4ua8

vulnerability	VCID-6uaq-9f5x-pyff

vulnerability	VCID-b4uk-43sc-fbch

vulnerability	VCID-csms-stcf-dkf4

vulnerability	VCID-g5a4-b3bm-2ucb

vulnerability	VCID-h8bb-7n23-cfak

vulnerability	VCID-k99k-99mz-8uc5

vulnerability	VCID-mks4-6gne-xker

vulnerability	VCID-mspu-bd2w-7qdw

vulnerability	VCID-r429-bk4p-g3er

vulnerability	VCID-rbr5-7fna-q3f6

vulnerability	VCID-u654-2myp-67e8

vulnerability	VCID-vvt7-cetm-4ydt

vulnerability	VCID-xtjr-uufd-wqc8

vulnerability	VCID-xx9n-5x9g-9fdd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3

aliases CVE-2022-26651

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bh6w-tmrd-w7eb

url VCID-bpvn-c1qp-6fdj

vulnerability_id VCID-bpvn-c1qp-6fdj

summary PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.13 and prior affects applications that use PJSIP DNS resolver. It doesn't affect PJSIP users who do not utilise PJSIP DNS resolver. This vulnerability is related to CVE-2022-24793. The difference is that this issue is in parsing the query record `parse_query()`, while the issue in CVE-2022-24793 is in `parse_rr()`. A patch is available as commit `d1c5e4d` in the `master` branch. A workaround is to disable DNS resolution in PJSIP config (by setting `nameserver_count` to zero) or use an external resolver implementation instead.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-27585

reference_id

reference_type

scores

value	0.00537
scoring_system	epss
scoring_elements	0.68061
published_at	2026-06-12T12:55:00Z

value	0.00537
scoring_system	epss
scoring_elements	0.68074
published_at	2026-06-13T12:55:00Z

value	0.00537
scoring_system	epss
scoring_elements	0.67973
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-27585

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27585
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27585

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036697
reference_id	1036697
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036697

reference_url

https://github.com/pjsip/pjproject/commit/d1c5e4da5bae7f220bc30719888bb389c905c0c5

reference_id

d1c5e4da5bae7f220bc30719888bb389c905c0c5

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:31:09Z/

url

https://github.com/pjsip/pjproject/commit/d1c5e4da5bae7f220bc30719888bb389c905c0c5

reference_url

https://www.debian.org/security/2023/dsa-5438

reference_id

dsa-5438

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:31:09Z/

url

https://www.debian.org/security/2023/dsa-5438

reference_url

https://github.com/pjsip/pjproject/security/advisories/GHSA-p6g5-v97c-w5q4

reference_id

GHSA-p6g5-v97c-w5q4

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:31:09Z/

url

https://github.com/pjsip/pjproject/security/advisories/GHSA-p6g5-v97c-w5q4

reference_url

https://github.com/pjsip/pjproject/security/advisories/GHSA-q9cp-8wcq-7pfr

reference_id

GHSA-q9cp-8wcq-7pfr

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:31:09Z/

url

https://github.com/pjsip/pjproject/security/advisories/GHSA-q9cp-8wcq-7pfr

reference_url	https://security.gentoo.org/glsa/202409-05
reference_id	GLSA-202409-05
reference_type
scores
url	https://security.gentoo.org/glsa/202409-05

reference_url

https://www.pjsip.org/pjlib-util/docs/html/group__PJ__DNS__RESOLVER.htm

reference_id

group__PJ__DNS__RESOLVER.htm

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:31:09Z/

url

https://www.pjsip.org/pjlib-util/docs/html/group__PJ__DNS__RESOLVER.htm

reference_url

https://lists.debian.org/debian-lts-announce/2023/04/msg00020.html

reference_id

msg00020.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:31:09Z/

url

https://lists.debian.org/debian-lts-announce/2023/04/msg00020.html

reference_url

https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html

reference_id

msg00038.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:31:09Z/

url

https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html

reference_url	https://usn.ubuntu.com/6422-1/
reference_id	USN-6422-1
reference_type
scores
url	https://usn.ubuntu.com/6422-1/

reference_url	https://usn.ubuntu.com/6422-2/
reference_id	USN-6422-2
reference_type
scores
url	https://usn.ubuntu.com/6422-2/

fixed_packages

url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-19pf-yqxu-4ua8

vulnerability	VCID-6uaq-9f5x-pyff

vulnerability	VCID-b4uk-43sc-fbch

vulnerability	VCID-csms-stcf-dkf4

vulnerability	VCID-g5a4-b3bm-2ucb

vulnerability	VCID-h8bb-7n23-cfak

vulnerability	VCID-k99k-99mz-8uc5

vulnerability	VCID-mks4-6gne-xker

vulnerability	VCID-mspu-bd2w-7qdw

vulnerability	VCID-r429-bk4p-g3er

vulnerability	VCID-rbr5-7fna-q3f6

vulnerability	VCID-u654-2myp-67e8

vulnerability	VCID-vvt7-cetm-4ydt

vulnerability	VCID-xtjr-uufd-wqc8

vulnerability	VCID-xx9n-5x9g-9fdd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3

aliases CVE-2023-27585

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bpvn-c1qp-6fdj

url VCID-csms-stcf-dkf4

vulnerability_id VCID-csms-stcf-dkf4

summary Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-49294

reference_id

reference_type

scores

value	0.17085
scoring_system	epss
scoring_elements	0.95146
published_at	2026-06-11T12:55:00Z

value	0.17085
scoring_system	epss
scoring_elements	0.95162
published_at	2026-06-12T12:55:00Z

value	0.17085
scoring_system	epss
scoring_elements	0.95164
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-49294

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37457
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37457

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38703
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38703

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49294
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49294

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49786
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49786

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059032
reference_id	1059032
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059032

reference_url	https://security.gentoo.org/glsa/202412-03
reference_id	GLSA-202412-03
reference_type
scores
url	https://security.gentoo.org/glsa/202412-03

fixed_packages

url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4

purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-19pf-yqxu-4ua8

vulnerability	VCID-6uaq-9f5x-pyff

vulnerability	VCID-b4uk-43sc-fbch

vulnerability	VCID-g5a4-b3bm-2ucb

vulnerability	VCID-h8bb-7n23-cfak

vulnerability	VCID-hgs7-nnt2-jbgj

vulnerability	VCID-mks4-6gne-xker

vulnerability	VCID-mspu-bd2w-7qdw

vulnerability	VCID-rbr5-7fna-q3f6

vulnerability	VCID-u654-2myp-67e8

vulnerability	VCID-vvt7-cetm-4ydt

vulnerability	VCID-xx9n-5x9g-9fdd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4

aliases CVE-2023-49294

risk_score 0.1

exploitability 0.5

weighted_severity 0.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-csms-stcf-dkf4

url VCID-d5bd-s7g5-fufn

vulnerability_id VCID-d5bd-s7g5-fufn

summary Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-24763

reference_id

reference_type

scores

value	0.01399
scoring_system	epss
scoring_elements	0.80833
published_at	2026-06-11T12:55:00Z

value	0.01399
scoring_system	epss
scoring_elements	0.80893
published_at	2026-06-12T12:55:00Z

value	0.01399
scoring_system	epss
scoring_elements	0.80904
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-24763

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014976
reference_id	1014976
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014976

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998
reference_id	1014998
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998

reference_url	https://usn.ubuntu.com/6422-1/
reference_id	USN-6422-1
reference_type
scores
url	https://usn.ubuntu.com/6422-1/

fixed_packages

url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-19pf-yqxu-4ua8

vulnerability	VCID-6uaq-9f5x-pyff

vulnerability	VCID-b4uk-43sc-fbch

vulnerability	VCID-csms-stcf-dkf4

vulnerability	VCID-g5a4-b3bm-2ucb

vulnerability	VCID-h8bb-7n23-cfak

vulnerability	VCID-k99k-99mz-8uc5

vulnerability	VCID-mks4-6gne-xker

vulnerability	VCID-mspu-bd2w-7qdw

vulnerability	VCID-r429-bk4p-g3er

vulnerability	VCID-rbr5-7fna-q3f6

vulnerability	VCID-u654-2myp-67e8

vulnerability	VCID-vvt7-cetm-4ydt

vulnerability	VCID-xtjr-uufd-wqc8

vulnerability	VCID-xx9n-5x9g-9fdd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3

aliases CVE-2022-24763

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d5bd-s7g5-fufn

url VCID-emwd-gd9k-mygd

vulnerability_id VCID-emwd-gd9k-mygd

summary In Sangoma Asterisk through 16.28.0, 17.x and 18.x through 18.14.0, and 19.x through 19.6.0, an incoming Setup message to addons/ooh323c/src/ooq931.c with a malformed Calling or Called Party IE can cause a crash.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-37325

reference_id

reference_type

scores

value	0.0068
scoring_system	epss
scoring_elements	0.72079
published_at	2026-06-11T12:55:00Z

value	0.0068
scoring_system	epss
scoring_elements	0.72176
published_at	2026-06-13T12:55:00Z

value	0.0068
scoring_system	epss
scoring_elements	0.72164
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-37325

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706

reference_url

https://downloads.asterisk.org/pub/security/AST-2022-007.html

reference_id

AST-2022-007.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:38:25Z/

url

https://downloads.asterisk.org/pub/security/AST-2022-007.html

reference_url

reference_id

dsa-5358

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:38:25Z/

url

https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html

reference_url	https://security.gentoo.org/glsa/202412-03
reference_id	GLSA-202412-03
reference_type
scores
url	https://security.gentoo.org/glsa/202412-03

reference_url

reference_id

msg00029.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:38:25Z/

url

https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html

fixed_packages

url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-19pf-yqxu-4ua8

vulnerability	VCID-6uaq-9f5x-pyff

vulnerability	VCID-b4uk-43sc-fbch

vulnerability	VCID-csms-stcf-dkf4

vulnerability	VCID-g5a4-b3bm-2ucb

vulnerability	VCID-h8bb-7n23-cfak

vulnerability	VCID-k99k-99mz-8uc5

vulnerability	VCID-mks4-6gne-xker

vulnerability	VCID-mspu-bd2w-7qdw

vulnerability	VCID-r429-bk4p-g3er

vulnerability	VCID-rbr5-7fna-q3f6

vulnerability	VCID-u654-2myp-67e8

vulnerability	VCID-vvt7-cetm-4ydt

vulnerability	VCID-xtjr-uufd-wqc8

vulnerability	VCID-xx9n-5x9g-9fdd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3

aliases CVE-2022-37325

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-emwd-gd9k-mygd

url VCID-g5a4-b3bm-2ucb

vulnerability_id VCID-g5a4-b3bm-2ucb

summary Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, SIP requests of the type MESSAGE (RFC 3428) authentication do not get proper alignment. An authenticated attacker can spoof any user identity to send spam messages to the user with their authorization token. Abuse of this security issue allows authenticated attackers to send fake chat messages can be spoofed to appear to come from trusted entities. Even administrators who follow Security best practices and Security Considerations can be impacted. Therefore, abuse can lead to spam and enable social engineering, phishing and similar attacks. Versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk fix the issue.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-47779

reference_id

reference_type

scores

value	0.00279
scoring_system	epss
scoring_elements	0.51644
published_at	2026-06-11T12:55:00Z

value	0.00279
scoring_system	epss
scoring_elements	0.51785
published_at	2026-06-13T12:55:00Z

value	0.00279
scoring_system	epss
scoring_elements	0.51773
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-47779

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47779
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47779

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106528
reference_id	1106528
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106528

reference_url

https://github.com/asterisk/asterisk/security/advisories/GHSA-2grh-7mhv-fcfw

reference_id

GHSA-2grh-7mhv-fcfw

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-22T17:25:58Z/

url

https://github.com/asterisk/asterisk/security/advisories/GHSA-2grh-7mhv-fcfw

reference_url

https://github.com/asterisk/asterisk/blob/master/configs/samples/pjsip.conf.sample

reference_id

pjsip.conf.sample

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-22T17:25:58Z/

url

https://github.com/asterisk/asterisk/blob/master/configs/samples/pjsip.conf.sample

fixed_packages

url	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1
purl	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1

aliases CVE-2025-47779

risk_score 3.5

exploitability 0.5

weighted_severity 6.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g5a4-b3bm-2ucb

url VCID-h8bb-7n23-cfak

vulnerability_id VCID-h8bb-7n23-cfak

summary Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, user supplied/control values for Cookies and any GET variable query Parameter are directly interpolated into the HTML of the page using ast_str_append. The endpoint at GET /httpstatus is the potential vulnerable endpoint relating to asterisk/main /http.c. This issue has been patched in versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-23738

reference_id

reference_type

scores

value	0.00075
scoring_system	epss
scoring_elements	0.22636
published_at	2026-06-11T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22832
published_at	2026-06-12T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22845
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-23738

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23738
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23738

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127438
reference_id	1127438
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127438

reference_url

https://github.com/asterisk/asterisk/security/advisories/GHSA-v6hp-wh3r-cwxh

reference_id

GHSA-v6hp-wh3r-cwxh

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-06T17:43:40Z/

url

https://github.com/asterisk/asterisk/security/advisories/GHSA-v6hp-wh3r-cwxh

fixed_packages

url	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1
purl	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1

aliases CVE-2026-23738

risk_score 1.6

exploitability 0.5

weighted_severity 3.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h8bb-7n23-cfak

url VCID-js7f-w44p-rbgh

vulnerability_id VCID-js7f-w44p-rbgh

summary Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-32686

reference_id

reference_type

scores

value	0.01675
scoring_system	epss
scoring_elements	0.82559
published_at	2026-06-11T12:55:00Z

value	0.01675
scoring_system	epss
scoring_elements	0.82621
published_at	2026-06-12T12:55:00Z

value	0.01675
scoring_system	epss
scoring_elements	0.82628
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-32686

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32558
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32558

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32686
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32686

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998
reference_id	1014998
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991931
reference_id	991931
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991931

reference_url	https://usn.ubuntu.com/8122-1/
reference_id	USN-8122-1
reference_type
scores
url	https://usn.ubuntu.com/8122-1/

fixed_packages

url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-19pf-yqxu-4ua8

vulnerability	VCID-6uaq-9f5x-pyff

vulnerability	VCID-b4uk-43sc-fbch

vulnerability	VCID-csms-stcf-dkf4

vulnerability	VCID-g5a4-b3bm-2ucb

vulnerability	VCID-h8bb-7n23-cfak

vulnerability	VCID-k99k-99mz-8uc5

vulnerability	VCID-mks4-6gne-xker

vulnerability	VCID-mspu-bd2w-7qdw

vulnerability	VCID-r429-bk4p-g3er

vulnerability	VCID-rbr5-7fna-q3f6

vulnerability	VCID-u654-2myp-67e8

vulnerability	VCID-vvt7-cetm-4ydt

vulnerability	VCID-xtjr-uufd-wqc8

vulnerability	VCID-xx9n-5x9g-9fdd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3

aliases CVE-2021-32686

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-js7f-w44p-rbgh

url VCID-k99k-99mz-8uc5

vulnerability_id VCID-k99k-99mz-8uc5

summary Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP. Commit d7d7764cb07c8a1872804321302ef93bf62cba05 contains a fix, which is part of versions 18.20.1, 20.5.1, 21.0.1, amd 18.9-cert6.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-49786

reference_id

reference_type

scores

value	0.00077
scoring_system	epss
scoring_elements	0.2321
published_at	2026-06-13T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.23002
published_at	2026-06-11T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.23199
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-49786

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37457
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37457

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38703
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38703

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49294
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49294

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49786
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49786

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059033
reference_id	1059033
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059033

reference_url

http://seclists.org/fulldisclosure/2023/Dec/24

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:19:55Z/

url

http://seclists.org/fulldisclosure/2023/Dec/24

reference_url

http://www.openwall.com/lists/oss-security/2023/12/15/7

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:19:55Z/

url

http://www.openwall.com/lists/oss-security/2023/12/15/7

reference_url

http://packetstormsecurity.com/files/176251/Asterisk-20.1.0-Denial-Of-Service.html

reference_id

Asterisk-20.1.0-Denial-Of-Service.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:19:55Z/

url

http://packetstormsecurity.com/files/176251/Asterisk-20.1.0-Denial-Of-Service.html

reference_url

https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05

reference_id

d7d7764cb07c8a1872804321302ef93bf62cba05

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:19:55Z/

url

https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05

reference_url

https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race

reference_id

ES2023-01-asterisk-dtls-hello-race

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:19:55Z/

url

https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race

reference_url

https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq

reference_id

GHSA-hxj9-xwr8-w8pq

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:19:55Z/

url

https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq

reference_url	https://security.gentoo.org/glsa/202412-03
reference_id	GLSA-202412-03
reference_type
scores
url	https://security.gentoo.org/glsa/202412-03

reference_url

https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html

reference_id

msg00019.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:19:55Z/

url

https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html

fixed_packages

url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4

purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-19pf-yqxu-4ua8

vulnerability	VCID-6uaq-9f5x-pyff

vulnerability	VCID-b4uk-43sc-fbch

vulnerability	VCID-g5a4-b3bm-2ucb

vulnerability	VCID-h8bb-7n23-cfak

vulnerability	VCID-hgs7-nnt2-jbgj

vulnerability	VCID-mks4-6gne-xker

vulnerability	VCID-mspu-bd2w-7qdw

vulnerability	VCID-rbr5-7fna-q3f6

vulnerability	VCID-u654-2myp-67e8

vulnerability	VCID-vvt7-cetm-4ydt

vulnerability	VCID-xx9n-5x9g-9fdd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4

aliases CVE-2023-49786

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k99k-99mz-8uc5

url VCID-m6wj-knxg-5ybg

vulnerability_id VCID-m6wj-knxg-5ybg

summary security update

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-43299

reference_id

reference_type

scores

value	0.00377
scoring_system	epss
scoring_elements	0.59707
published_at	2026-06-11T12:55:00Z

value	0.00377
scoring_system	epss
scoring_elements	0.59815
published_at	2026-06-12T12:55:00Z

value	0.00377
scoring_system	epss
scoring_elements	0.59827
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-43299

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998
reference_id	1014998
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998

reference_url	https://usn.ubuntu.com/6422-1/
reference_id	USN-6422-1
reference_type
scores
url	https://usn.ubuntu.com/6422-1/

reference_url	https://usn.ubuntu.com/8122-1/
reference_id	USN-8122-1
reference_type
scores
url	https://usn.ubuntu.com/8122-1/

fixed_packages

url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-19pf-yqxu-4ua8

vulnerability	VCID-6uaq-9f5x-pyff

vulnerability	VCID-b4uk-43sc-fbch

vulnerability	VCID-csms-stcf-dkf4

vulnerability	VCID-g5a4-b3bm-2ucb

vulnerability	VCID-h8bb-7n23-cfak

vulnerability	VCID-k99k-99mz-8uc5

vulnerability	VCID-mks4-6gne-xker

vulnerability	VCID-mspu-bd2w-7qdw

vulnerability	VCID-r429-bk4p-g3er

vulnerability	VCID-rbr5-7fna-q3f6

vulnerability	VCID-u654-2myp-67e8

vulnerability	VCID-vvt7-cetm-4ydt

vulnerability	VCID-xtjr-uufd-wqc8

vulnerability	VCID-xx9n-5x9g-9fdd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3

aliases CVE-2021-43299

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m6wj-knxg-5ybg

url VCID-marj-g3q8-3fdt

vulnerability_id VCID-marj-g3q8-3fdt

summary security update

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-43300

reference_id

reference_type

scores

value	0.00428
scoring_system	epss
scoring_elements	0.62862
published_at	2026-06-11T12:55:00Z

value	0.00428
scoring_system	epss
scoring_elements	0.62964
published_at	2026-06-12T12:55:00Z

value	0.00428
scoring_system	epss
scoring_elements	0.62976
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-43300

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998
reference_id	1014998
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998

reference_url	https://usn.ubuntu.com/6422-1/
reference_id	USN-6422-1
reference_type
scores
url	https://usn.ubuntu.com/6422-1/

reference_url	https://usn.ubuntu.com/8122-1/
reference_id	USN-8122-1
reference_type
scores
url	https://usn.ubuntu.com/8122-1/

fixed_packages

url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-19pf-yqxu-4ua8

vulnerability	VCID-6uaq-9f5x-pyff

vulnerability	VCID-b4uk-43sc-fbch

vulnerability	VCID-csms-stcf-dkf4

vulnerability	VCID-g5a4-b3bm-2ucb

vulnerability	VCID-h8bb-7n23-cfak

vulnerability	VCID-k99k-99mz-8uc5

vulnerability	VCID-mks4-6gne-xker

vulnerability	VCID-mspu-bd2w-7qdw

vulnerability	VCID-r429-bk4p-g3er

vulnerability	VCID-rbr5-7fna-q3f6

vulnerability	VCID-u654-2myp-67e8

vulnerability	VCID-vvt7-cetm-4ydt

vulnerability	VCID-xtjr-uufd-wqc8

vulnerability	VCID-xx9n-5x9g-9fdd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3

aliases CVE-2021-43300

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-marj-g3q8-3fdt

url VCID-mks4-6gne-xker

vulnerability_id VCID-mks4-6gne-xker

summary

A local privilege escalation vulnerability exists in the safe_asterisk script included with the Asterisk toolkit package. When Asterisk is started via this script (common in SysV init or FreePBX environments), it sources all .sh files located in /etc/asterisk/startup.d/ as root, without validating ownership or permissions.


Non-root users with legitimate write access to /etc/asterisk can exploit this behaviour by placing malicious scripts in the startup.d directory, which will then execute with root privileges upon service restart.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-1131

reference_id

reference_type

scores

value	0.00064
scoring_system	epss
scoring_elements	0.20228
published_at	2026-06-11T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.20403
published_at	2026-06-12T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.20425
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-1131

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1131
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1131

reference_url

https://github.com/asterisk/asterisk/security/advisories/GHSA-v9q8-9j8m-5xwp

reference_id

GHSA-v9q8-9j8m-5xwp

reference_type

scores

value	7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:N/V:C/RE:H/U:Amber

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-09-24T03:55:15Z/

url

https://github.com/asterisk/asterisk/security/advisories/GHSA-v9q8-9j8m-5xwp

reference_url	https://security.gentoo.org/glsa/202601-04
reference_id	GLSA-202601-04
reference_type
scores
url	https://security.gentoo.org/glsa/202601-04

fixed_packages

url	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1
purl	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1

aliases CVE-2025-1131

risk_score 3.1

exploitability 0.5

weighted_severity 6.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mks4-6gne-xker

url VCID-mmg1-2mu6-tyey

vulnerability_id VCID-mmg1-2mu6-tyey

summary PJSIP is a free and open source multimedia communication library written in C. In versions of PJSIP prior to 2.13 the PJSIP parser, PJMEDIA RTP decoder, and PJMEDIA SDP parser are affeced by a buffer overflow vulnerability. Users connecting to untrusted clients are at risk. This issue has been patched and is available as commit c4d3498 in the master branch and will be included in releases 2.13 and later. Users are advised to upgrade. There are no known workarounds for this issue.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-39244

reference_id

reference_type

scores

value	0.00325
scoring_system	epss
scoring_elements	0.55882
published_at	2026-06-11T12:55:00Z

value	0.00325
scoring_system	epss
scoring_elements	0.56018
published_at	2026-06-13T12:55:00Z

value	0.00325
scoring_system	epss
scoring_elements	0.56002
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-39244

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706

reference_url

reference_id

202210-37

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:48:20Z/

url

https://github.com/pjsip/pjproject/commit/c4d34984ec92b3d5252a7d5cddd85a1d3a8001ae

reference_url

reference_id

c4d34984ec92b3d5252a7d5cddd85a1d3a8001ae

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:48:20Z/

url

https://github.com/pjsip/pjproject/commit/c4d34984ec92b3d5252a7d5cddd85a1d3a8001ae

reference_url

reference_id

dsa-5358

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:48:20Z/

url

https://github.com/pjsip/pjproject/security/advisories/GHSA-fq45-m3f7-3mhj

reference_url

reference_id

GHSA-fq45-m3f7-3mhj

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:48:20Z/

url

https://github.com/pjsip/pjproject/security/advisories/GHSA-fq45-m3f7-3mhj

reference_url

https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html

reference_id

msg00029.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:48:20Z/

url

https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html

reference_url

https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html

reference_id

msg00038.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:48:20Z/

url

https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html

reference_url	https://usn.ubuntu.com/6422-1/
reference_id	USN-6422-1
reference_type
scores
url	https://usn.ubuntu.com/6422-1/

fixed_packages

url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-19pf-yqxu-4ua8

vulnerability	VCID-6uaq-9f5x-pyff

vulnerability	VCID-b4uk-43sc-fbch

vulnerability	VCID-csms-stcf-dkf4

vulnerability	VCID-g5a4-b3bm-2ucb

vulnerability	VCID-h8bb-7n23-cfak

vulnerability	VCID-k99k-99mz-8uc5

vulnerability	VCID-mks4-6gne-xker

vulnerability	VCID-mspu-bd2w-7qdw

vulnerability	VCID-r429-bk4p-g3er

vulnerability	VCID-rbr5-7fna-q3f6

vulnerability	VCID-u654-2myp-67e8

vulnerability	VCID-vvt7-cetm-4ydt

vulnerability	VCID-xtjr-uufd-wqc8

vulnerability	VCID-xx9n-5x9g-9fdd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3

aliases CVE-2022-39244

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mmg1-2mu6-tyey

url VCID-mspu-bd2w-7qdw

vulnerability_id VCID-mspu-bd2w-7qdw

summary Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 18.26.4 and 18.9-cert17, RTP UDP ports and internal resources can leak due to a lack of session termination. This could result in leaks and resource exhaustion. This issue has been patched in versions 18.26.4 and 18.9-cert17.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-54995

reference_id

reference_type

scores

value	0.01416
scoring_system	epss
scoring_elements	0.80984
published_at	2026-06-11T12:55:00Z

value	0.01416
scoring_system	epss
scoring_elements	0.81053
published_at	2026-06-13T12:55:00Z

value	0.01416
scoring_system	epss
scoring_elements	0.81044
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-54995

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54995
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54995

reference_url

https://github.com/asterisk/asterisk/commit/0278f5bde14565c6838a6ec39bc21aee0cde56a9

reference_id

0278f5bde14565c6838a6ec39bc21aee0cde56a9

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-28T18:53:35Z/

url

https://github.com/asterisk/asterisk/commit/0278f5bde14565c6838a6ec39bc21aee0cde56a9

reference_url

https://github.com/asterisk/asterisk/pull/1405

reference_id

1405

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-28T18:53:35Z/

url

https://github.com/asterisk/asterisk/pull/1405

reference_url

https://github.com/asterisk/asterisk/pull/1406

reference_id

1406

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-28T18:53:35Z/

url

https://github.com/asterisk/asterisk/pull/1406

reference_url

https://github.com/asterisk/asterisk/commit/eafcd7a451dcd007dddf324ac37dd55a4808338d

reference_id

eafcd7a451dcd007dddf324ac37dd55a4808338d

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-28T18:53:35Z/

url

https://github.com/asterisk/asterisk/commit/eafcd7a451dcd007dddf324ac37dd55a4808338d

reference_url

https://github.com/asterisk/asterisk/security/advisories/GHSA-557q-795j-wfx2

reference_id

GHSA-557q-795j-wfx2

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-28T18:53:35Z/

url

https://github.com/asterisk/asterisk/security/advisories/GHSA-557q-795j-wfx2

fixed_packages

url	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1
purl	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1

aliases CVE-2025-54995

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mspu-bd2w-7qdw

url VCID-mssd-d438-7yga

vulnerability_id VCID-mssd-d438-7yga

summary Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-24786

reference_id

reference_type

scores

value	0.00738
scoring_system	epss
scoring_elements	0.73314
published_at	2026-06-11T12:55:00Z

value	0.00738
scoring_system	epss
scoring_elements	0.73391
published_at	2026-06-12T12:55:00Z

value	0.00738
scoring_system	epss
scoring_elements	0.73406
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-24786

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014976
reference_id	1014976
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014976

fixed_packages

url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-19pf-yqxu-4ua8

vulnerability	VCID-6uaq-9f5x-pyff

vulnerability	VCID-b4uk-43sc-fbch

vulnerability	VCID-csms-stcf-dkf4

vulnerability	VCID-g5a4-b3bm-2ucb

vulnerability	VCID-h8bb-7n23-cfak

vulnerability	VCID-k99k-99mz-8uc5

vulnerability	VCID-mks4-6gne-xker

vulnerability	VCID-mspu-bd2w-7qdw

vulnerability	VCID-r429-bk4p-g3er

vulnerability	VCID-rbr5-7fna-q3f6

vulnerability	VCID-u654-2myp-67e8

vulnerability	VCID-vvt7-cetm-4ydt

vulnerability	VCID-xtjr-uufd-wqc8

vulnerability	VCID-xx9n-5x9g-9fdd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3

aliases CVE-2022-24786

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mssd-d438-7yga

url VCID-nt4b-2zg8-gya2

vulnerability_id VCID-nt4b-2zg8-gya2

summary PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions prior to and including 2.12.1 a stack buffer overflow vulnerability affects PJSIP users that use STUN in their applications, either by: setting a STUN server in their account/media config in PJSUA/PJSUA2 level, or directly using `pjlib-util/stun_simple` API. A patch is available in commit 450baca which should be included in the next release. There are no known workarounds for this issue.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-31031

reference_id

reference_type

scores

value	0.00721
scoring_system	epss
scoring_elements	0.72955
published_at	2026-06-11T12:55:00Z

value	0.00721
scoring_system	epss
scoring_elements	0.73048
published_at	2026-06-13T12:55:00Z

value	0.00721
scoring_system	epss
scoring_elements	0.73033
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-31031

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1017004
reference_id	1017004
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1017004

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1017005
reference_id	1017005
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1017005

reference_url

reference_id

202210-37

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:49:22Z/

url

https://github.com/pjsip/pjproject/commit/450baca94f475345542c6953832650c390889202

reference_url

reference_id

450baca94f475345542c6953832650c390889202

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:49:22Z/

url

https://github.com/pjsip/pjproject/commit/450baca94f475345542c6953832650c390889202

reference_url

reference_id

dsa-5358

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:49:22Z/

url

https://github.com/pjsip/pjproject/security/advisories/GHSA-26j7-ww69-c4qj

reference_url

reference_id

GHSA-26j7-ww69-c4qj

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:49:22Z/

url

https://github.com/pjsip/pjproject/security/advisories/GHSA-26j7-ww69-c4qj

reference_url

https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html

reference_id

msg00029.html

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:49:22Z/

url

https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html

reference_url

https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html

reference_id

msg00038.html

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:49:22Z/

url

https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html

reference_url	https://usn.ubuntu.com/6422-1/
reference_id	USN-6422-1
reference_type
scores
url	https://usn.ubuntu.com/6422-1/

fixed_packages

url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-19pf-yqxu-4ua8

vulnerability	VCID-6uaq-9f5x-pyff

vulnerability	VCID-b4uk-43sc-fbch

vulnerability	VCID-csms-stcf-dkf4

vulnerability	VCID-g5a4-b3bm-2ucb

vulnerability	VCID-h8bb-7n23-cfak

vulnerability	VCID-k99k-99mz-8uc5

vulnerability	VCID-mks4-6gne-xker

vulnerability	VCID-mspu-bd2w-7qdw

vulnerability	VCID-r429-bk4p-g3er

vulnerability	VCID-rbr5-7fna-q3f6

vulnerability	VCID-u654-2myp-67e8

vulnerability	VCID-vvt7-cetm-4ydt

vulnerability	VCID-xtjr-uufd-wqc8

vulnerability	VCID-xx9n-5x9g-9fdd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3

aliases CVE-2022-31031

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nt4b-2zg8-gya2

url VCID-nuyk-gtnh-t3g2

vulnerability_id VCID-nuyk-gtnh-t3g2

summary PJSIP is a free and open source multimedia communication library written in C. Versions 2.12 and prior contain a stack buffer overflow vulnerability that affects PJSUA2 users or users that call the API `pjmedia_sdp_print(), pjmedia_sdp_media_print()`. Applications that do not use PJSUA2 and do not directly call `pjmedia_sdp_print()` or `pjmedia_sdp_media_print()` should not be affected. A patch is available on the `master` branch of the `pjsip/pjproject` GitHub repository. There are currently no known workarounds.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-24764

reference_id

reference_type

scores

value	0.01506
scoring_system	epss
scoring_elements	0.81575
published_at	2026-06-11T12:55:00Z

value	0.01506
scoring_system	epss
scoring_elements	0.81645
published_at	2026-06-13T12:55:00Z

value	0.01506
scoring_system	epss
scoring_elements	0.81636
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-24764

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014976
reference_id	1014976
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014976

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998
reference_id	1014998
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998

reference_url

reference_id

202210-37

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:28Z/

url

https://github.com/pjsip/pjproject/commit/560a1346f87aabe126509bb24930106dea292b00

reference_url

reference_id

560a1346f87aabe126509bb24930106dea292b00

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:28Z/

url

https://github.com/pjsip/pjproject/commit/560a1346f87aabe126509bb24930106dea292b00

reference_url

reference_id

dsa-5285

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:28Z/

url

https://github.com/pjsip/pjproject/security/advisories/GHSA-f5qg-pqcg-765m

reference_url

reference_id

GHSA-f5qg-pqcg-765m

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:28Z/

url

https://github.com/pjsip/pjproject/security/advisories/GHSA-f5qg-pqcg-765m

reference_url

https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html

reference_id

msg00021.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:28Z/

url

https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html

reference_url

https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html

reference_id

msg00035.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:28Z/

url

https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html

reference_url

https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html

reference_id

msg00038.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:28Z/

url

https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html

reference_url	https://usn.ubuntu.com/6422-1/
reference_id	USN-6422-1
reference_type
scores
url	https://usn.ubuntu.com/6422-1/

fixed_packages

url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-19pf-yqxu-4ua8

vulnerability	VCID-6uaq-9f5x-pyff

vulnerability	VCID-b4uk-43sc-fbch

vulnerability	VCID-csms-stcf-dkf4

vulnerability	VCID-g5a4-b3bm-2ucb

vulnerability	VCID-h8bb-7n23-cfak

vulnerability	VCID-k99k-99mz-8uc5

vulnerability	VCID-mks4-6gne-xker

vulnerability	VCID-mspu-bd2w-7qdw

vulnerability	VCID-r429-bk4p-g3er

vulnerability	VCID-rbr5-7fna-q3f6

vulnerability	VCID-u654-2myp-67e8

vulnerability	VCID-vvt7-cetm-4ydt

vulnerability	VCID-xtjr-uufd-wqc8

vulnerability	VCID-xx9n-5x9g-9fdd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3

aliases CVE-2022-24764

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nuyk-gtnh-t3g2

url VCID-nvcm-fd6a-nkbg

vulnerability_id VCID-nvcm-fd6a-nkbg

summary security update

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-43301

reference_id

reference_type

scores

value	0.00428
scoring_system	epss
scoring_elements	0.62862
published_at	2026-06-11T12:55:00Z

value	0.00428
scoring_system	epss
scoring_elements	0.62964
published_at	2026-06-12T12:55:00Z

value	0.00428
scoring_system	epss
scoring_elements	0.62976
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-43301

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998
reference_id	1014998
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998

reference_url	https://usn.ubuntu.com/6422-1/
reference_id	USN-6422-1
reference_type
scores
url	https://usn.ubuntu.com/6422-1/

reference_url	https://usn.ubuntu.com/8122-1/
reference_id	USN-8122-1
reference_type
scores
url	https://usn.ubuntu.com/8122-1/

fixed_packages

url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-19pf-yqxu-4ua8

vulnerability	VCID-6uaq-9f5x-pyff

vulnerability	VCID-b4uk-43sc-fbch

vulnerability	VCID-csms-stcf-dkf4

vulnerability	VCID-g5a4-b3bm-2ucb

vulnerability	VCID-h8bb-7n23-cfak

vulnerability	VCID-k99k-99mz-8uc5

vulnerability	VCID-mks4-6gne-xker

vulnerability	VCID-mspu-bd2w-7qdw

vulnerability	VCID-r429-bk4p-g3er

vulnerability	VCID-rbr5-7fna-q3f6

vulnerability	VCID-u654-2myp-67e8

vulnerability	VCID-vvt7-cetm-4ydt

vulnerability	VCID-xtjr-uufd-wqc8

vulnerability	VCID-xx9n-5x9g-9fdd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3

aliases CVE-2021-43301

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nvcm-fd6a-nkbg

url VCID-r429-bk4p-g3er

vulnerability_id VCID-r429-bk4p-g3er

summary PJSIP is a free and open source multimedia communication library written in C with high level API in C, C++, Java, C#, and Python languages. SRTP is a higher level media transport which is stacked upon a lower level media transport such as UDP and ICE. Currently a higher level transport is not synchronized with its lower level transport that may introduce use-after-free issue. This vulnerability affects applications that have SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying media transport other than UDP. This vulnerability’s impact may range from unexpected application termination to control flow hijack/memory corruption. The patch is available as a commit in the master branch.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-38703

reference_id

reference_type

scores

value	0.0028
scoring_system	epss
scoring_elements	0.51757
published_at	2026-06-11T12:55:00Z

value	0.0028
scoring_system	epss
scoring_elements	0.519
published_at	2026-06-13T12:55:00Z

value	0.0028
scoring_system	epss
scoring_elements	0.51887
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-38703

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37457
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37457

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38703
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38703

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49294
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49294

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49786
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49786

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059303
reference_id	1059303
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059303

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059307
reference_id	1059307
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059307

reference_url

https://github.com/pjsip/pjproject/commit/6dc9b8c181aff39845f02b4626e0812820d4ef0d

reference_id

6dc9b8c181aff39845f02b4626e0812820d4ef0d

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-19T18:46:16Z/

url

https://github.com/pjsip/pjproject/commit/6dc9b8c181aff39845f02b4626e0812820d4ef0d

reference_url

https://github.com/pjsip/pjproject/security/advisories/GHSA-f76w-fh7c-pc66

reference_id

GHSA-f76w-fh7c-pc66

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-19T18:46:16Z/

url

https://github.com/pjsip/pjproject/security/advisories/GHSA-f76w-fh7c-pc66

reference_url

https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html

reference_id

msg00019.html

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-19T18:46:16Z/

url

https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html

fixed_packages

url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4

purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-19pf-yqxu-4ua8

vulnerability	VCID-6uaq-9f5x-pyff

vulnerability	VCID-b4uk-43sc-fbch

vulnerability	VCID-g5a4-b3bm-2ucb

vulnerability	VCID-h8bb-7n23-cfak

vulnerability	VCID-hgs7-nnt2-jbgj

vulnerability	VCID-mks4-6gne-xker

vulnerability	VCID-mspu-bd2w-7qdw

vulnerability	VCID-rbr5-7fna-q3f6

vulnerability	VCID-u654-2myp-67e8

vulnerability	VCID-vvt7-cetm-4ydt

vulnerability	VCID-xx9n-5x9g-9fdd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4

aliases CVE-2023-38703

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r429-bk4p-g3er

url VCID-rbr5-7fna-q3f6

vulnerability_id VCID-rbr5-7fna-q3f6

summary Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, trying to disallow shell commands to be run via the Asterisk command line interface (CLI) by configuring `cli_permissions.conf` (e.g. with the config line `deny=!*`) does not work which could lead to a security risk. If an administrator running an Asterisk instance relies on the `cli_permissions.conf` file to work and expects it to deny all attempts to execute shell commands, then this could lead to a security vulnerability. Versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk fix the issue.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-47780

reference_id

reference_type

scores

value	0.00454
scoring_system	epss
scoring_elements	0.6423
published_at	2026-06-11T12:55:00Z

value	0.00454
scoring_system	epss
scoring_elements	0.64332
published_at	2026-06-12T12:55:00Z

value	0.00454
scoring_system	epss
scoring_elements	0.64345
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-47780

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47780
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47780

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106530
reference_id	1106530
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106530

reference_url

https://github.com/asterisk/asterisk/security/advisories/GHSA-c7p6-7mvq-8jq2

reference_id

GHSA-c7p6-7mvq-8jq2

reference_type

scores

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-22T17:24:44Z/

url

https://github.com/asterisk/asterisk/security/advisories/GHSA-c7p6-7mvq-8jq2

fixed_packages

url	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1
purl	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1

aliases CVE-2025-47780

risk_score 2.1

exploitability 0.5

weighted_severity 4.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rbr5-7fna-q3f6

url VCID-tux5-7r7x-2kdf

vulnerability_id VCID-tux5-7r7x-2kdf

summary Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-37706

reference_id

reference_type

scores

value	0.00505
scoring_system	epss
scoring_elements	0.66644
published_at	2026-06-11T12:55:00Z

value	0.00505
scoring_system	epss
scoring_elements	0.66736
published_at	2026-06-12T12:55:00Z

value	0.00505
scoring_system	epss
scoring_elements	0.6675
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-37706

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998
reference_id	1014998
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998

reference_url	https://usn.ubuntu.com/6422-1/
reference_id	USN-6422-1
reference_type
scores
url	https://usn.ubuntu.com/6422-1/

reference_url	https://usn.ubuntu.com/6422-2/
reference_id	USN-6422-2
reference_type
scores
url	https://usn.ubuntu.com/6422-2/

reference_url	https://usn.ubuntu.com/8122-1/
reference_id	USN-8122-1
reference_type
scores
url	https://usn.ubuntu.com/8122-1/

fixed_packages

url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-19pf-yqxu-4ua8

vulnerability	VCID-6uaq-9f5x-pyff

vulnerability	VCID-b4uk-43sc-fbch

vulnerability	VCID-csms-stcf-dkf4

vulnerability	VCID-g5a4-b3bm-2ucb

vulnerability	VCID-h8bb-7n23-cfak

vulnerability	VCID-k99k-99mz-8uc5

vulnerability	VCID-mks4-6gne-xker

vulnerability	VCID-mspu-bd2w-7qdw

vulnerability	VCID-r429-bk4p-g3er

vulnerability	VCID-rbr5-7fna-q3f6

vulnerability	VCID-u654-2myp-67e8

vulnerability	VCID-vvt7-cetm-4ydt

vulnerability	VCID-xtjr-uufd-wqc8

vulnerability	VCID-xx9n-5x9g-9fdd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3

aliases CVE-2021-37706

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tux5-7r7x-2kdf

url VCID-u654-2myp-67e8

vulnerability_id VCID-u654-2myp-67e8

summary Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the ast_xml_open() function in xml.c parses XML documents using libxml with unsafe parsing options that enable entity expansion and XInclude processing. Specifically, it invokes xmlReadFile() with the XML_PARSE_NOENT flag and later processes XIncludes via xmlXIncludeProcess().If any untrusted or user-supplied XML file is passed to this function, it can allow an attacker to trigger XML External Entity (XXE) or XInclude-based local file disclosure, potentially exposing sensitive files from the host system. This can also be triggered in other cases in which the user is able to supply input in xml format that triggers the asterisk process to parse it. This issue has been patched in versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23739.json

reference_id

reference_type

scores

value	2.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23739.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-23739

reference_id

reference_type

scores

value	0.00074
scoring_system	epss
scoring_elements	0.22571
published_at	2026-06-11T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22766
published_at	2026-06-12T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22779
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-23739

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23739
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23739

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127438
reference_id	1127438
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127438

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2437909
reference_id	2437909
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2437909

reference_url

https://github.com/asterisk/asterisk/security/advisories/GHSA-85x7-54wr-vh42

reference_id

GHSA-85x7-54wr-vh42

reference_type

scores

value	2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-06T17:36:34Z/

url

https://github.com/asterisk/asterisk/security/advisories/GHSA-85x7-54wr-vh42

fixed_packages

url	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1
purl	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1

aliases CVE-2026-23739

risk_score 0.9

exploitability 0.5

weighted_severity 1.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u654-2myp-67e8

url VCID-uu3k-v1gc-x7f8

vulnerability_id VCID-uu3k-v1gc-x7f8

summary Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-35776

reference_id

reference_type

scores

value	0.00085
scoring_system	epss
scoring_elements	0.24629
published_at	2026-06-11T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24828
published_at	2026-06-12T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24841
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-35776

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35776
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35776

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983158
reference_id	983158
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983158

reference_url	https://security.gentoo.org/glsa/202412-03
reference_id	GLSA-202412-03
reference_type
scores
url	https://security.gentoo.org/glsa/202412-03

fixed_packages

url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-19pf-yqxu-4ua8

vulnerability	VCID-6uaq-9f5x-pyff

vulnerability	VCID-b4uk-43sc-fbch

vulnerability	VCID-csms-stcf-dkf4

vulnerability	VCID-g5a4-b3bm-2ucb

vulnerability	VCID-h8bb-7n23-cfak

vulnerability	VCID-k99k-99mz-8uc5

vulnerability	VCID-mks4-6gne-xker

vulnerability	VCID-mspu-bd2w-7qdw

vulnerability	VCID-r429-bk4p-g3er

vulnerability	VCID-rbr5-7fna-q3f6

vulnerability	VCID-u654-2myp-67e8

vulnerability	VCID-vvt7-cetm-4ydt

vulnerability	VCID-xtjr-uufd-wqc8

vulnerability	VCID-xx9n-5x9g-9fdd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3

aliases CVE-2020-35776

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uu3k-v1gc-x7f8

url VCID-vvt7-cetm-4ydt

vulnerability_id VCID-vvt7-cetm-4ydt

summary Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the asterisk/contrib/scripts/ast_coredumper runs as root, as noted by the NOTES tag on line 689 of the ast_coredumper file. The script will source the contents of /etc/asterisk/ast_debug_tools.conf, which resides in a folder that is writeable by the asterisk user:group. Due to the /etc/asterisk/ast_debug_tools.conf file following bash semantics and it being loaded; an attacker with write permissions may add or modify the file such that when the root ast_coredumper is run; it would source and thereby execute arbitrary bash code found in the /etc/asterisk/ast_debug_tools.conf. This issue has been patched in versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-23741

reference_id

reference_type

scores

value	0.00054
scoring_system	epss
scoring_elements	0.17386
published_at	2026-06-11T12:55:00Z

value	0.00054
scoring_system	epss
scoring_elements	0.1755
published_at	2026-06-12T12:55:00Z

value	0.00054
scoring_system	epss
scoring_elements	0.17567
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-23741

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23741
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23741

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127438
reference_id	1127438
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127438

reference_url

https://github.com/asterisk/asterisk/security/advisories/GHSA-rvch-3jmx-3jf3

reference_id

GHSA-rvch-3jmx-3jf3

reference_type

scores

value	0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-06T17:22:49Z/

url

https://github.com/asterisk/asterisk/security/advisories/GHSA-rvch-3jmx-3jf3

fixed_packages

url	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1
purl	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1

aliases CVE-2026-23741

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vvt7-cetm-4ydt

url VCID-wcrz-h8xd-cbez

vulnerability_id VCID-wcrz-h8xd-cbez

summary An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-cert4. A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafted Originate AMI request to execute arbitrary system commands.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-18610

reference_id

reference_type

scores

value	0.41746
scoring_system	epss
scoring_elements	0.97511
published_at	2026-06-11T12:55:00Z

value	0.41746
scoring_system	epss
scoring_elements	0.9752
published_at	2026-06-12T12:55:00Z

value	0.41746
scoring_system	epss
scoring_elements	0.97522
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-18610

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18610
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18610

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947377
reference_id	947377
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947377

fixed_packages

url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-19pf-yqxu-4ua8

vulnerability	VCID-6uaq-9f5x-pyff

vulnerability	VCID-b4uk-43sc-fbch

vulnerability	VCID-csms-stcf-dkf4

vulnerability	VCID-g5a4-b3bm-2ucb

vulnerability	VCID-h8bb-7n23-cfak

vulnerability	VCID-k99k-99mz-8uc5

vulnerability	VCID-mks4-6gne-xker

vulnerability	VCID-mspu-bd2w-7qdw

vulnerability	VCID-r429-bk4p-g3er

vulnerability	VCID-rbr5-7fna-q3f6

vulnerability	VCID-u654-2myp-67e8

vulnerability	VCID-vvt7-cetm-4ydt

vulnerability	VCID-xtjr-uufd-wqc8

vulnerability	VCID-xx9n-5x9g-9fdd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3

aliases CVE-2019-18610

risk_score 0.2

exploitability 0.5

weighted_severity 0.4

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wcrz-h8xd-cbez

url VCID-x29s-dc4y-jyf5

vulnerability_id VCID-x29s-dc4y-jyf5

summary Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and earlier allows remote authenticated users to crash Asterisk by sending a specially crafted SIP MESSAGE message.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-12827

reference_id

reference_type

scores

value	0.18415
scoring_system	epss
scoring_elements	0.95384
published_at	2026-06-11T12:55:00Z

value	0.18415
scoring_system	epss
scoring_elements	0.95398
published_at	2026-06-12T12:55:00Z

value	0.18415
scoring_system	epss
scoring_elements	0.95403
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-12827

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12827
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12827

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931980
reference_id	931980
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931980

fixed_packages

url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-19pf-yqxu-4ua8

vulnerability	VCID-6uaq-9f5x-pyff

vulnerability	VCID-b4uk-43sc-fbch

vulnerability	VCID-csms-stcf-dkf4

vulnerability	VCID-g5a4-b3bm-2ucb

vulnerability	VCID-h8bb-7n23-cfak

vulnerability	VCID-k99k-99mz-8uc5

vulnerability	VCID-mks4-6gne-xker

vulnerability	VCID-mspu-bd2w-7qdw

vulnerability	VCID-r429-bk4p-g3er

vulnerability	VCID-rbr5-7fna-q3f6

vulnerability	VCID-u654-2myp-67e8

vulnerability	VCID-vvt7-cetm-4ydt

vulnerability	VCID-xtjr-uufd-wqc8

vulnerability	VCID-xx9n-5x9g-9fdd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3

aliases CVE-2019-12827

risk_score 0.1

exploitability 0.5

weighted_severity 0.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x29s-dc4y-jyf5

url VCID-x9x1-xcqa-5qdw

vulnerability_id VCID-x9x1-xcqa-5qdw

summary PJSIP is a free and open source multimedia communication library written in C. A denial-of-service vulnerability affects applications on a 32-bit systems that use PJSIP versions 2.12 and prior to play/read invalid WAV files. The vulnerability occurs when reading WAV file data chunks with length greater than 31-bit integers. The vulnerability does not affect 64-bit apps and should not affect apps that only plays trusted WAV files. A patch is available on the `master` branch of the `pjsip/project` GitHub repository. As a workaround, apps can reject a WAV file received from an unknown source or validate the file first.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-24792

reference_id

reference_type

scores

value	0.01612
scoring_system	epss
scoring_elements	0.82183
published_at	2026-06-11T12:55:00Z

value	0.01612
scoring_system	epss
scoring_elements	0.82254
published_at	2026-06-13T12:55:00Z

value	0.01612
scoring_system	epss
scoring_elements	0.82245
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-24792

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014976
reference_id	1014976
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014976

reference_url

reference_id

202210-37

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:55:19Z/

url

https://github.com/pjsip/pjproject/commit/947bc1ee6d05be10204b918df75a503415fd3213

reference_url

reference_id

947bc1ee6d05be10204b918df75a503415fd3213

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:55:19Z/

url

https://github.com/pjsip/pjproject/commit/947bc1ee6d05be10204b918df75a503415fd3213

reference_url

reference_id

dsa-5285

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:55:19Z/

url

https://github.com/pjsip/pjproject/security/advisories/GHSA-rwgw-vwxg-q799

reference_url

reference_id

GHSA-rwgw-vwxg-q799

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:55:19Z/

url

https://github.com/pjsip/pjproject/security/advisories/GHSA-rwgw-vwxg-q799

reference_url

https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html

reference_id

msg00021.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:55:19Z/

url

https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html

reference_url

https://lists.debian.org/debian-lts-announce/2022/05/msg00047.html

reference_id

msg00047.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:55:19Z/

url

https://lists.debian.org/debian-lts-announce/2022/05/msg00047.html

fixed_packages

url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-19pf-yqxu-4ua8

vulnerability	VCID-6uaq-9f5x-pyff

vulnerability	VCID-b4uk-43sc-fbch

vulnerability	VCID-csms-stcf-dkf4

vulnerability	VCID-g5a4-b3bm-2ucb

vulnerability	VCID-h8bb-7n23-cfak

vulnerability	VCID-k99k-99mz-8uc5

vulnerability	VCID-mks4-6gne-xker

vulnerability	VCID-mspu-bd2w-7qdw

vulnerability	VCID-r429-bk4p-g3er

vulnerability	VCID-rbr5-7fna-q3f6

vulnerability	VCID-u654-2myp-67e8

vulnerability	VCID-vvt7-cetm-4ydt

vulnerability	VCID-xtjr-uufd-wqc8

vulnerability	VCID-xx9n-5x9g-9fdd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3

aliases CVE-2022-24792

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x9x1-xcqa-5qdw

url VCID-xb6q-6m1c-5yfj

vulnerability_id VCID-xb6q-6m1c-5yfj

summary A use-after-free in res_pjsip_pubsub.c in Sangoma Asterisk 16.28, 18.14, 19.6, and certified/18.9-cert2 may allow a remote authenticated attacker to crash Asterisk (denial of service) by performing activity on a subscription via a reliable transport at the same time that Asterisk is also performing activity on that subscription.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-42705

reference_id

reference_type

scores

value	0.01516
scoring_system	epss
scoring_elements	0.81627
published_at	2026-06-11T12:55:00Z

value	0.01516
scoring_system	epss
scoring_elements	0.81696
published_at	2026-06-13T12:55:00Z

value	0.01516
scoring_system	epss
scoring_elements	0.81687
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-42705

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706

reference_url

https://downloads.asterisk.org/pub/security/AST-2022-008.html

reference_id

AST-2022-008.html

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:25:02Z/

url

https://downloads.asterisk.org/pub/security/AST-2022-008.html

reference_url

reference_id

dsa-5358

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:25:02Z/

url

https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html

reference_url	https://security.gentoo.org/glsa/202412-03
reference_id	GLSA-202412-03
reference_type
scores
url	https://security.gentoo.org/glsa/202412-03

reference_url

reference_id

msg00029.html

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:25:02Z/

url

https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html

fixed_packages

url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-19pf-yqxu-4ua8

vulnerability	VCID-6uaq-9f5x-pyff

vulnerability	VCID-b4uk-43sc-fbch

vulnerability	VCID-csms-stcf-dkf4

vulnerability	VCID-g5a4-b3bm-2ucb

vulnerability	VCID-h8bb-7n23-cfak

vulnerability	VCID-k99k-99mz-8uc5

vulnerability	VCID-mks4-6gne-xker

vulnerability	VCID-mspu-bd2w-7qdw

vulnerability	VCID-r429-bk4p-g3er

vulnerability	VCID-rbr5-7fna-q3f6

vulnerability	VCID-u654-2myp-67e8

vulnerability	VCID-vvt7-cetm-4ydt

vulnerability	VCID-xtjr-uufd-wqc8

vulnerability	VCID-xx9n-5x9g-9fdd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3

aliases CVE-2022-42705

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xb6q-6m1c-5yfj

url VCID-xtjr-uufd-wqc8

vulnerability_id VCID-xtjr-uufd-wqc8

summary Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-37457

reference_id

reference_type

scores

value	0.00074
scoring_system	epss
scoring_elements	0.22362
published_at	2026-06-11T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22555
published_at	2026-06-12T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22568
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-37457

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37457
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37457

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38703
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38703

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49294
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49294

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49786
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49786

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059303
reference_id	1059303
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059303

reference_url	https://security.gentoo.org/glsa/202412-03
reference_id	GLSA-202412-03
reference_type
scores
url	https://security.gentoo.org/glsa/202412-03

fixed_packages

url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4

purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-19pf-yqxu-4ua8

vulnerability	VCID-6uaq-9f5x-pyff

vulnerability	VCID-b4uk-43sc-fbch

vulnerability	VCID-g5a4-b3bm-2ucb

vulnerability	VCID-h8bb-7n23-cfak

vulnerability	VCID-hgs7-nnt2-jbgj

vulnerability	VCID-mks4-6gne-xker

vulnerability	VCID-mspu-bd2w-7qdw

vulnerability	VCID-rbr5-7fna-q3f6

vulnerability	VCID-u654-2myp-67e8

vulnerability	VCID-vvt7-cetm-4ydt

vulnerability	VCID-xx9n-5x9g-9fdd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4

aliases CVE-2023-37457

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xtjr-uufd-wqc8

url VCID-xx9n-5x9g-9fdd

vulnerability_id VCID-xx9n-5x9g-9fdd

summary Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, when ast_coredumper writes its gdb init and output files to a directory that is world-writable (for example /tmp), an attacker with write permission(which is all users on a linux system) to that directory can cause root to execute arbitrary commands or overwrite arbitrary files by controlling the gdb init file and output paths. This issue has been patched in versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23740.json

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23740.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-23740

reference_id

reference_type

scores

value	0.00021
scoring_system	epss
scoring_elements	0.06245
published_at	2026-06-11T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.06267
published_at	2026-06-12T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.06255
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-23740

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23740
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23740

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127438
reference_id	1127438
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127438

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2437723
reference_id	2437723
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2437723

reference_url

https://github.com/asterisk/asterisk/security/advisories/GHSA-xpc6-x892-v83c

reference_id

GHSA-xpc6-x892-v83c

reference_type

scores

value	0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-06T19:11:52Z/

url

https://github.com/asterisk/asterisk/security/advisories/GHSA-xpc6-x892-v83c

fixed_packages

url	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1
purl	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1

aliases CVE-2026-23740

risk_score 3.5

exploitability 0.5

weighted_severity 7.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xx9n-5x9g-9fdd

url VCID-xzgv-h1e1-2fhm

vulnerability_id VCID-xzgv-h1e1-2fhm

summary PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. This issue is similar to GHSA-9pfh-r8x4-w26w. Possible buffer overread when parsing a certain STUN message. The vulnerability affects applications that uses STUN including PJNATH and PJSUA-LIB. The patch is available as commit in the master branch.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-23547

reference_id

reference_type

scores

value	0.00448
scoring_system	epss
scoring_elements	0.64082
published_at	2026-06-13T12:55:00Z

value	0.00448
scoring_system	epss
scoring_elements	0.64069
published_at	2026-06-12T12:55:00Z

value	0.00448
scoring_system	epss
scoring_elements	0.63966
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-23547

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032092
reference_id	1032092
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032092

reference_url

https://github.com/pjsip/pjproject/commit/bc4812d31a67d5e2f973fbfaf950d6118226cf36

reference_id

bc4812d31a67d5e2f973fbfaf950d6118226cf36

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T03:11:54Z/

url

https://github.com/pjsip/pjproject/commit/bc4812d31a67d5e2f973fbfaf950d6118226cf36

reference_url

https://github.com/pjsip/pjproject/security/advisories/GHSA-9pfh-r8x4-w26w

reference_id

GHSA-9pfh-r8x4-w26w

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T03:11:54Z/

url

https://github.com/pjsip/pjproject/security/advisories/GHSA-9pfh-r8x4-w26w

reference_url

https://github.com/pjsip/pjproject/security/advisories/GHSA-cxwq-5g9x-x7fr

reference_id

GHSA-cxwq-5g9x-x7fr

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T03:11:54Z/

url

https://github.com/pjsip/pjproject/security/advisories/GHSA-cxwq-5g9x-x7fr

reference_url

https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html

reference_id

msg00038.html

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T03:11:54Z/

url

https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html

reference_url	https://usn.ubuntu.com/6422-1/
reference_id	USN-6422-1
reference_type
scores
url	https://usn.ubuntu.com/6422-1/

fixed_packages

url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-19pf-yqxu-4ua8

vulnerability	VCID-6uaq-9f5x-pyff

vulnerability	VCID-b4uk-43sc-fbch

vulnerability	VCID-csms-stcf-dkf4

vulnerability	VCID-g5a4-b3bm-2ucb

vulnerability	VCID-h8bb-7n23-cfak

vulnerability	VCID-k99k-99mz-8uc5

vulnerability	VCID-mks4-6gne-xker

vulnerability	VCID-mspu-bd2w-7qdw

vulnerability	VCID-r429-bk4p-g3er

vulnerability	VCID-rbr5-7fna-q3f6

vulnerability	VCID-u654-2myp-67e8

vulnerability	VCID-vvt7-cetm-4ydt

vulnerability	VCID-xtjr-uufd-wqc8

vulnerability	VCID-xx9n-5x9g-9fdd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3

aliases CVE-2022-23547

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xzgv-h1e1-2fhm

url VCID-year-eh79-qfc2

vulnerability_id VCID-year-eh79-qfc2

summary Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-26906

reference_id

reference_type

scores

value	0.00811
scoring_system	epss
scoring_elements	0.74668
published_at	2026-06-11T12:55:00Z

value	0.00811
scoring_system	epss
scoring_elements	0.74739
published_at	2026-06-12T12:55:00Z

value	0.00811
scoring_system	epss
scoring_elements	0.74752
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-26906

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26906
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26906

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983159
reference_id	983159
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983159

reference_url	https://security.gentoo.org/glsa/202412-03
reference_id	GLSA-202412-03
reference_type
scores
url	https://security.gentoo.org/glsa/202412-03

fixed_packages

url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-19pf-yqxu-4ua8

vulnerability	VCID-6uaq-9f5x-pyff

vulnerability	VCID-b4uk-43sc-fbch

vulnerability	VCID-csms-stcf-dkf4

vulnerability	VCID-g5a4-b3bm-2ucb

vulnerability	VCID-h8bb-7n23-cfak

vulnerability	VCID-k99k-99mz-8uc5

vulnerability	VCID-mks4-6gne-xker

vulnerability	VCID-mspu-bd2w-7qdw

vulnerability	VCID-r429-bk4p-g3er

vulnerability	VCID-rbr5-7fna-q3f6

vulnerability	VCID-u654-2myp-67e8

vulnerability	VCID-vvt7-cetm-4ydt

vulnerability	VCID-xtjr-uufd-wqc8

vulnerability	VCID-xx9n-5x9g-9fdd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3

aliases CVE-2021-26906

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-year-eh79-qfc2

url VCID-yqr3-7hk1-zfad

vulnerability_id VCID-yqr3-7hk1-zfad

summary PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In version 2.11.1 and prior, there are various cases where it is possible that certain incoming RTP/RTCP packets can potentially cause out-of-bound read access. This issue affects all users that use PJMEDIA and accept incoming RTP/RTCP. A patch is available as a commit in the `master` branch. There are no known workarounds.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-21722

reference_id

reference_type

scores

value	0.00462
scoring_system	epss
scoring_elements	0.64735
published_at	2026-06-13T12:55:00Z

value	0.00462
scoring_system	epss
scoring_elements	0.64723
published_at	2026-06-12T12:55:00Z

value	0.00462
scoring_system	epss
scoring_elements	0.6462
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-21722

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998
reference_id	1014998
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998

reference_url

reference_id

202210-37

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:54Z/

url

https://github.com/pjsip/pjproject/commit/22af44e68a0c7d190ac1e25075e1382f77e9397a

reference_url

reference_id

22af44e68a0c7d190ac1e25075e1382f77e9397a

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:54Z/

url

https://github.com/pjsip/pjproject/commit/22af44e68a0c7d190ac1e25075e1382f77e9397a

reference_url

reference_id

dsa-5285

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:54Z/

url