Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1079855?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1079855?format=api", "purl": "pkg:deb/debian/asterisk@1:16.2.1~dfsg-1%2Bdeb10u2", "type": "deb", "namespace": "debian", "name": "asterisk", "version": "1:16.2.1~dfsg-1+deb10u2", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1:22.9.0+dfsg+~cs6.16.60671434-1", "latest_non_vulnerable_version": "1:22.9.0+dfsg+~cs6.16.60671434-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41179?format=api", "vulnerability_id": "VCID-19pf-yqxu-4ua8", "summary": "Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.24.3, 20.9.3, and 21.4.3 of Asterisk and versions 18.9-cert12 and 20.7-cert2 of certified-asterisk, if Asterisk attempts to send a SIP request to a URI whose host portion starts with `.1` or `[.1]`, and res_resolver_unbound is loaded, Asterisk will crash with a SEGV. To receive a patch, users should upgrade to one of the following versions: 18.24.3, 20.9.3, 21.4.3, certified-18.9-cert12, certified-20.7-cert2. Two workarounds are available. Disable res_resolver_unbound by setting `noload = res_resolver_unbound.so` in modules.conf, or set `rewrite_contact = yes` on all PJSIP endpoints. NOTE: This may not be appropriate for all Asterisk configurations.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-42491", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00963", "scoring_system": "epss", "scoring_elements": "0.76963", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00963", "scoring_system": "epss", "scoring_elements": "0.7704", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00963", "scoring_system": "epss", "scoring_elements": "0.77047", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00963", "scoring_system": "epss", "scoring_elements": "0.77034", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-42491" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42491", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42491" }, { "reference_url": "https://github.com/asterisk/asterisk/commit/42a2f4ccfa2c7062a15063e765916b3332e34cc4", "reference_id": "42a2f4ccfa2c7062a15063e765916b3332e34cc4", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T18:48:24Z/" } ], "url": "https://github.com/asterisk/asterisk/commit/42a2f4ccfa2c7062a15063e765916b3332e34cc4" }, { "reference_url": "https://github.com/asterisk/asterisk/commit/4f01669c7c41c9184f3cce9a3cf1b2ebf6201742", "reference_id": "4f01669c7c41c9184f3cce9a3cf1b2ebf6201742", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T18:48:24Z/" } ], "url": "https://github.com/asterisk/asterisk/commit/4f01669c7c41c9184f3cce9a3cf1b2ebf6201742" }, { "reference_url": "https://github.com/asterisk/asterisk/commit/50bf8d4d3064930d28ecf1ce3397b14574d514d2", "reference_id": "50bf8d4d3064930d28ecf1ce3397b14574d514d2", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T18:48:24Z/" } ], "url": "https://github.com/asterisk/asterisk/commit/50bf8d4d3064930d28ecf1ce3397b14574d514d2" }, { "reference_url": "https://github.com/asterisk/asterisk/commit/7a0090325bfa9d778a39ae5f7d0a98109e4651c8", "reference_id": "7a0090325bfa9d778a39ae5f7d0a98109e4651c8", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T18:48:24Z/" } ], "url": "https://github.com/asterisk/asterisk/commit/7a0090325bfa9d778a39ae5f7d0a98109e4651c8" }, { "reference_url": "https://github.com/asterisk/asterisk/commit/a15050650abf09c10a3c135fab148220cd41d3a0", "reference_id": "a15050650abf09c10a3c135fab148220cd41d3a0", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T18:48:24Z/" } ], "url": "https://github.com/asterisk/asterisk/commit/a15050650abf09c10a3c135fab148220cd41d3a0" }, { "reference_url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-v428-g3cw-7hv9", "reference_id": "GHSA-v428-g3cw-7hv9", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T18:48:24Z/" } ], "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-v428-g3cw-7hv9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1075646?format=api", "purl": "pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1" } ], "aliases": [ "CVE-2024-42491" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-19pf-yqxu-4ua8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/166582?format=api", "vulnerability_id": "VCID-26cq-wj3k-fqb9", "summary": "An issue was discovered in Sangoma Asterisk through 16.28, 17 and 18 through 18.14, 19 through 19.6, and certified through 18.9-cert1. GetConfig, via Asterisk Manager Interface, allows a connected application to access files outside of the asterisk configuration directory, aka Directory Traversal.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-42706", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0081", "scoring_system": "epss", "scoring_elements": "0.74664", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0081", "scoring_system": "epss", "scoring_elements": "0.74745", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0081", "scoring_system": "epss", "scoring_elements": "0.74748", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0081", "scoring_system": "epss", "scoring_elements": "0.74735", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-42706" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706" }, { "reference_url": "https://downloads.asterisk.org/pub/security/AST-2022-009.html", "reference_id": "AST-2022-009.html", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:23:22Z/" } ], "url": "https://downloads.asterisk.org/pub/security/AST-2022-009.html" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5358", "reference_id": "dsa-5358", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:23:22Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5358" }, { "reference_url": "https://security.gentoo.org/glsa/202412-03", "reference_id": "GLSA-202412-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202412-03" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html", "reference_id": "msg00029.html", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:23:22Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1080406?format=api", "purl": "pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-csms-stcf-dkf4" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-k99k-99mz-8uc5" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-r429-bk4p-g3er" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-xtjr-uufd-wqc8" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3" } ], "aliases": [ "CVE-2022-42706" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-26cq-wj3k-fqb9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/164013?format=api", "vulnerability_id": "VCID-285z-mgz1-q7cd", "summary": "PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Buffer overread is possible when parsing a specially crafted STUN message with unknown attribute. The vulnerability affects applications that uses STUN including PJNATH and PJSUA-LIB. The patch is available as a commit in the master branch (2.13.1).", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23537", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00422", "scoring_system": "epss", "scoring_elements": "0.62481", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00422", "scoring_system": "epss", "scoring_elements": "0.62589", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00422", "scoring_system": "epss", "scoring_elements": "0.62595", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00422", "scoring_system": "epss", "scoring_elements": "0.62582", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23537" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032092", "reference_id": "1032092", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032092" }, { "reference_url": "https://github.com/pjsip/pjproject/commit/d8440f4d711a654b511f50f79c0445b26f9dd1e1", "reference_id": "d8440f4d711a654b511f50f79c0445b26f9dd1e1", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:52:00Z/" } ], "url": "https://github.com/pjsip/pjproject/commit/d8440f4d711a654b511f50f79c0445b26f9dd1e1" }, { "reference_url": "https://github.com/pjsip/pjproject/security/advisories/GHSA-9pfh-r8x4-w26w", "reference_id": "GHSA-9pfh-r8x4-w26w", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:52:00Z/" } ], "url": "https://github.com/pjsip/pjproject/security/advisories/GHSA-9pfh-r8x4-w26w" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html", "reference_id": "msg00038.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:52:00Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html" }, { "reference_url": "https://usn.ubuntu.com/6422-1/", "reference_id": "USN-6422-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6422-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1080406?format=api", "purl": "pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-csms-stcf-dkf4" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-k99k-99mz-8uc5" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-r429-bk4p-g3er" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-xtjr-uufd-wqc8" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3" } ], "aliases": [ "CVE-2022-23537" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-285z-mgz1-q7cd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/175996?format=api", "vulnerability_id": "VCID-3azv-xr5c-ckcf", "summary": "Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-43845", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00285", "scoring_system": "epss", "scoring_elements": "0.52366", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00285", "scoring_system": "epss", "scoring_elements": "0.52494", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00285", "scoring_system": "epss", "scoring_elements": "0.52507", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00285", "scoring_system": "epss", "scoring_elements": "0.5249", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-43845" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998", "reference_id": "1014998", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998" }, { "reference_url": "https://usn.ubuntu.com/6422-1/", "reference_id": "USN-6422-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6422-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1080406?format=api", "purl": "pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-csms-stcf-dkf4" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-k99k-99mz-8uc5" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-r429-bk4p-g3er" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-xtjr-uufd-wqc8" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3" } ], "aliases": [ "CVE-2021-43845" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3azv-xr5c-ckcf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/175995?format=api", "vulnerability_id": "VCID-41pk-9azt-hqdx", "summary": "Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-43804", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.003", "scoring_system": "epss", "scoring_elements": "0.53748", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.003", "scoring_system": "epss", "scoring_elements": "0.53874", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.003", "scoring_system": "epss", "scoring_elements": "0.53891", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.003", "scoring_system": "epss", "scoring_elements": "0.53877", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-43804" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998", "reference_id": "1014998", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998" }, { "reference_url": "https://usn.ubuntu.com/6422-1/", "reference_id": "USN-6422-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6422-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1080406?format=api", "purl": "pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-csms-stcf-dkf4" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-k99k-99mz-8uc5" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-r429-bk4p-g3er" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-xtjr-uufd-wqc8" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3" } ], "aliases": [ "CVE-2021-43804" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-41pk-9azt-hqdx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/175999?format=api", "vulnerability_id": "VCID-4ty4-xrdd-2kee", "summary": "Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-39269", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.37981", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38157", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.38183", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0017", "scoring_system": "epss", "scoring_elements": "0.3817", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-39269" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032092", "reference_id": "1032092", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032092" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1080406?format=api", "purl": "pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-csms-stcf-dkf4" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-k99k-99mz-8uc5" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-r429-bk4p-g3er" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-xtjr-uufd-wqc8" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3" } ], "aliases": [ "CVE-2022-39269" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4ty4-xrdd-2kee" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/173353?format=api", "vulnerability_id": "VCID-546z-qwur-13h1", "summary": "PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.12 and prior affects applications that use PJSIP DNS resolution. It doesn't affect PJSIP users who utilize an external resolver. This vulnerability is related to CVE-2023-27585. The difference is that this issue is in parsing the query record `parse_rr()`, while the issue in CVE-2023-27585 is in `parse_query()`. A patch is available in the `master` branch of the `pjsip/pjproject` GitHub repository. A workaround is to disable DNS resolution in PJSIP config (by setting `nameserver_count` to zero) or use an external resolver instead.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24793", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00472", "scoring_system": "epss", "scoring_elements": "0.65227", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00472", "scoring_system": "epss", "scoring_elements": "0.65229", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00472", "scoring_system": "epss", "scoring_elements": "0.65218", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00472", "scoring_system": "epss", "scoring_elements": "0.65118", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24793" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014976", "reference_id": "1014976", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014976" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998", "reference_id": "1014998", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998" }, { "reference_url": "https://security.gentoo.org/glsa/202210-37", "reference_id": "202210-37", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:00Z/" } ], "url": "https://security.gentoo.org/glsa/202210-37" }, { "reference_url": "https://github.com/pjsip/pjproject/commit/9fae8f43accef8ea65d4a8ae9cdf297c46cfe29a", "reference_id": "9fae8f43accef8ea65d4a8ae9cdf297c46cfe29a", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:00Z/" } ], "url": "https://github.com/pjsip/pjproject/commit/9fae8f43accef8ea65d4a8ae9cdf297c46cfe29a" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5285", "reference_id": "dsa-5285", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:00Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5285" }, { "reference_url": "https://github.com/pjsip/pjproject/security/advisories/GHSA-p6g5-v97c-w5q4", "reference_id": "GHSA-p6g5-v97c-w5q4", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:00Z/" } ], "url": "https://github.com/pjsip/pjproject/security/advisories/GHSA-p6g5-v97c-w5q4" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html", "reference_id": "msg00021.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:00Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html", "reference_id": "msg00038.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:00Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00047.html", "reference_id": "msg00047.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:00Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00047.html" }, { "reference_url": "https://usn.ubuntu.com/6422-1/", "reference_id": "USN-6422-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6422-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1080406?format=api", "purl": "pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-csms-stcf-dkf4" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-k99k-99mz-8uc5" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-r429-bk4p-g3er" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-xtjr-uufd-wqc8" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3" } ], "aliases": [ "CVE-2022-24793" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-546z-qwur-13h1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/206930?format=api", "vulnerability_id": "VCID-591f-657m-77d7", "summary": "res_pjsip_t38 in Sangoma Asterisk 15.x before 15.7.4 and 16.x before 16.5.1 allows an attacker to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk. The crash occurs because of a NULL session media object dereference.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15297", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02861", "scoring_system": "epss", "scoring_elements": "0.86566", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.02861", "scoring_system": "epss", "scoring_elements": "0.86616", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.02861", "scoring_system": "epss", "scoring_elements": "0.86626", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.02861", "scoring_system": "epss", "scoring_elements": "0.86623", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15297" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15297", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15297" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940060", "reference_id": "940060", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940060" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1080406?format=api", "purl": "pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-csms-stcf-dkf4" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-k99k-99mz-8uc5" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-r429-bk4p-g3er" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-xtjr-uufd-wqc8" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3" } ], "aliases": [ "CVE-2019-15297" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-591f-657m-77d7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/179038?format=api", "vulnerability_id": "VCID-5sjg-t3ja-57be", "summary": "Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-26498", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01011", "scoring_system": "epss", "scoring_elements": "0.7754", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01011", "scoring_system": "epss", "scoring_elements": "0.77609", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01011", "scoring_system": "epss", "scoring_elements": "0.77623", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01011", "scoring_system": "epss", "scoring_elements": "0.77615", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-26498" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651" }, { "reference_url": "https://security.gentoo.org/glsa/202412-03", "reference_id": "GLSA-202412-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202412-03" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1080406?format=api", "purl": "pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-csms-stcf-dkf4" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-k99k-99mz-8uc5" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-r429-bk4p-g3er" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-xtjr-uufd-wqc8" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3" } ], "aliases": [ "CVE-2022-26498" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5sjg-t3ja-57be" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/207060?format=api", "vulnerability_id": "VCID-62p4-jvnj-8kfc", "summary": "An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x before 13.29.2, 16.x before 16.6.2, and 17.x before 17.0.1, and Certified Asterisk 13.21 before cert5. A SIP request can be sent to Asterisk that can change a SIP peer's IP address. A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that needs to be known is the peer's name; authentication details such as passwords do not need to be known. This vulnerability is only exploitable when the nat option is set to the default, or auto_force_rport.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-18790", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07372", "scoring_system": "epss", "scoring_elements": "0.91905", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.07372", "scoring_system": "epss", "scoring_elements": "0.91932", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.07372", "scoring_system": "epss", "scoring_elements": "0.9194", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.07372", "scoring_system": "epss", "scoring_elements": "0.91937", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-18790" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18790", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18790" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947381", "reference_id": "947381", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947381" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1080406?format=api", "purl": "pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-csms-stcf-dkf4" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-k99k-99mz-8uc5" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-r429-bk4p-g3er" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-xtjr-uufd-wqc8" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3" } ], "aliases": [ "CVE-2019-18790" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-62p4-jvnj-8kfc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/169856?format=api", "vulnerability_id": "VCID-6443-b986-kfb6", "summary": "PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions 2.11.1 and prior, parsing an incoming SIP message that contains a malformed multipart can potentially cause out-of-bound read access. This issue affects all PJSIP users that accept SIP multipart. The patch is available as commit in the `master` branch. There are no known workarounds.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21723", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.6495", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.65059", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.65061", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00468", "scoring_system": "epss", "scoring_elements": "0.6505", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21723" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651" }, { "reference_url": "https://github.com/pjsip/pjproject/commit/077b465c33f0aec05a49cd2ca456f9a1b112e896", "reference_id": "077b465c33f0aec05a49cd2ca456f9a1b112e896", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:51Z/" } ], "url": "https://github.com/pjsip/pjproject/commit/077b465c33f0aec05a49cd2ca456f9a1b112e896" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998", "reference_id": "1014998", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998" }, { "reference_url": "http://seclists.org/fulldisclosure/2022/Mar/2", "reference_id": "2", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:51Z/" } ], "url": "http://seclists.org/fulldisclosure/2022/Mar/2" }, { "reference_url": "https://security.gentoo.org/glsa/202210-37", "reference_id": "202210-37", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:51Z/" } ], "url": "https://security.gentoo.org/glsa/202210-37" }, { "reference_url": "http://packetstormsecurity.com/files/166227/Asterisk-Project-Security-Advisory-AST-2022-006.html", "reference_id": "Asterisk-Project-Security-Advisory-AST-2022-006.html", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:51Z/" } ], "url": "http://packetstormsecurity.com/files/166227/Asterisk-Project-Security-Advisory-AST-2022-006.html" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5285", "reference_id": "dsa-5285", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:51Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5285" }, { "reference_url": "https://github.com/pjsip/pjproject/security/advisories/GHSA-7fw8-54cv-r7pm", "reference_id": "GHSA-7fw8-54cv-r7pm", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:51Z/" } ], "url": "https://github.com/pjsip/pjproject/security/advisories/GHSA-7fw8-54cv-r7pm" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html", "reference_id": "msg00021.html", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:51Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html", "reference_id": "msg00035.html", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:51Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html", "reference_id": "msg00038.html", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:51Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html" }, { "reference_url": "https://usn.ubuntu.com/6422-1/", "reference_id": "USN-6422-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6422-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1080406?format=api", "purl": "pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-csms-stcf-dkf4" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-k99k-99mz-8uc5" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-r429-bk4p-g3er" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-xtjr-uufd-wqc8" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3" } ], "aliases": [ "CVE-2022-21723" ], "risk_score": 4.1, "exploitability": "0.5", "weighted_severity": "8.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6443-b986-kfb6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/179037?format=api", "vulnerability_id": "VCID-6be8-mh9n-abhd", "summary": "Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-32558", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02875", "scoring_system": "epss", "scoring_elements": "0.86593", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.02875", "scoring_system": "epss", "scoring_elements": "0.86642", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.02875", "scoring_system": "epss", "scoring_elements": "0.86652", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.02875", "scoring_system": "epss", "scoring_elements": "0.86649", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-32558" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32558", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32558" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32686", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32686" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991710", "reference_id": "991710", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991710" }, { "reference_url": "https://security.gentoo.org/glsa/202412-03", "reference_id": "GLSA-202412-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202412-03" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1080406?format=api", "purl": "pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-csms-stcf-dkf4" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-k99k-99mz-8uc5" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-r429-bk4p-g3er" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-xtjr-uufd-wqc8" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3" } ], "aliases": [ "CVE-2021-32558" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6be8-mh9n-abhd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40939?format=api", "vulnerability_id": "VCID-6uaq-9f5x-pyff", "summary": "Asterisk is an open source private branch exchange (PBX) and telephony toolkit. Prior to asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2, an AMI user with `write=originate` may change all configuration files in the `/etc/asterisk/` directory. This occurs because they are able to curl remote files and write them to disk, but are also able to append to existing files using the `FILE` function inside the `SET` application. This issue may result in privilege escalation, remote code execution and/or blind server-side request forgery with arbitrary protocol. Asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2 contain a fix for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-42365", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.3195", "scoring_system": "epss", "scoring_elements": "0.96939", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.3195", "scoring_system": "epss", "scoring_elements": "0.96943", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.3195", "scoring_system": "epss", "scoring_elements": "0.96929", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.3195", "scoring_system": "epss", "scoring_elements": "0.96942", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-42365" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42365", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42365" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078574", "reference_id": "1078574", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078574" }, { "reference_url": "https://github.com/asterisk/asterisk/commit/42a2f4ccfa2c7062a15063e765916b3332e34cc4", "reference_id": "42a2f4ccfa2c7062a15063e765916b3332e34cc4", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T16:38:45Z/" } ], "url": "https://github.com/asterisk/asterisk/commit/42a2f4ccfa2c7062a15063e765916b3332e34cc4" }, { "reference_url": "https://github.com/asterisk/asterisk/commit/7a0090325bfa9d778a39ae5f7d0a98109e4651c8", "reference_id": "7a0090325bfa9d778a39ae5f7d0a98109e4651c8", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T16:38:45Z/" } ], "url": "https://github.com/asterisk/asterisk/commit/7a0090325bfa9d778a39ae5f7d0a98109e4651c8" }, { "reference_url": "https://github.com/asterisk/asterisk/commit/b4063bf756272254b160b6d1bd6e9a3f8e16cc71", "reference_id": "b4063bf756272254b160b6d1bd6e9a3f8e16cc71", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T16:38:45Z/" } ], "url": "https://github.com/asterisk/asterisk/commit/b4063bf756272254b160b6d1bd6e9a3f8e16cc71" }, { "reference_url": "https://github.com/asterisk/asterisk/commit/bbe68db10ab8a80c29db383e4dfe14f6eafaf993", "reference_id": "bbe68db10ab8a80c29db383e4dfe14f6eafaf993", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T16:38:45Z/" } ], "url": "https://github.com/asterisk/asterisk/commit/bbe68db10ab8a80c29db383e4dfe14f6eafaf993" }, { "reference_url": "https://github.com/asterisk/asterisk/commit/faddd99f2b9408b524e5eb8a01589fe1fa282df2", "reference_id": "faddd99f2b9408b524e5eb8a01589fe1fa282df2", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T16:38:45Z/" } ], "url": "https://github.com/asterisk/asterisk/commit/faddd99f2b9408b524e5eb8a01589fe1fa282df2" }, { "reference_url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-c4cg-9275-6w44", "reference_id": "GHSA-c4cg-9275-6w44", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T16:38:45Z/" } ], "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-c4cg-9275-6w44" }, { "reference_url": "https://github.com/asterisk/asterisk/blob/14367caaf7241df1eceea7c45c5b261989c2c6db/main/manager.c#L6426", "reference_id": "manager.c#L6426", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T16:38:45Z/" } ], "url": "https://github.com/asterisk/asterisk/blob/14367caaf7241df1eceea7c45c5b261989c2c6db/main/manager.c#L6426" }, { "reference_url": "https://github.com/asterisk/asterisk/blob/7d28165cb1b2d02d66e8693bd3fe23ee72fc55d8/main/manager.c#L6426", "reference_id": "manager.c#L6426", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T16:38:45Z/" } ], "url": "https://github.com/asterisk/asterisk/blob/7d28165cb1b2d02d66e8693bd3fe23ee72fc55d8/main/manager.c#L6426" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1075646?format=api", "purl": "pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1" } ], "aliases": [ "CVE-2024-42365" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6uaq-9f5x-pyff" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/207980?format=api", "vulnerability_id": "VCID-7ah9-w27g-ckg6", "summary": "An issue was discovered in res_pjsip_diversion.c in Sangoma Asterisk before 13.38.0, 14.x through 16.x before 16.15.0, 17.x before 17.9.0, and 18.x before 18.1.0. A crash can occur when a SIP message is received with a History-Info header that contains a tel-uri, or when a SIP 181 response is received that contains a tel-uri in the Diversion header.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35652", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0016", "scoring_system": "epss", "scoring_elements": "0.36692", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0016", "scoring_system": "epss", "scoring_elements": "0.36871", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0016", "scoring_system": "epss", "scoring_elements": "0.36899", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0016", "scoring_system": "epss", "scoring_elements": "0.36885", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35652" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35652", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35652" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979372", "reference_id": "979372", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979372" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1080406?format=api", "purl": "pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-csms-stcf-dkf4" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-k99k-99mz-8uc5" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-r429-bk4p-g3er" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-xtjr-uufd-wqc8" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3" } ], "aliases": [ "CVE-2020-35652" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7ah9-w27g-ckg6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/208866?format=api", "vulnerability_id": "VCID-82hr-cs3x-fqg9", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-43302", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55522", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55642", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55656", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00321", "scoring_system": "epss", "scoring_elements": "0.55643", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-43302" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998", "reference_id": "1014998", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998" }, { "reference_url": "https://usn.ubuntu.com/6422-1/", "reference_id": "USN-6422-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6422-1/" }, { "reference_url": "https://usn.ubuntu.com/8122-1/", "reference_id": "USN-8122-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8122-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1080406?format=api", "purl": "pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-csms-stcf-dkf4" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-k99k-99mz-8uc5" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-r429-bk4p-g3er" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-xtjr-uufd-wqc8" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3" } ], "aliases": [ "CVE-2021-43302" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-82hr-cs3x-fqg9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/206787?format=api", "vulnerability_id": "VCID-966j-625d-6fa9", "summary": "An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x through 15.7.2, and 16.x through 16.4.0, and Certified Asterisk through 13.21-cert3. A pointer dereference in chan_sip while handling SDP negotiation allows an attacker to crash Asterisk when handling an SDP answer to an outgoing T.38 re-invite. To exploit this vulnerability an attacker must cause the chan_sip module to send a T.38 re-invite request to them. Upon receipt, the attacker must send an SDP answer containing both a T.38 UDPTL stream and another media stream containing only a codec (which is not permitted according to the chan_sip configuration).", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13161", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02222", "scoring_system": "epss", "scoring_elements": "0.84914", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.02222", "scoring_system": "epss", "scoring_elements": "0.84922", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.02307", "scoring_system": "epss", "scoring_elements": "0.85105", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-13161" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13161", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13161" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931981", "reference_id": "931981", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931981" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1080406?format=api", "purl": "pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-csms-stcf-dkf4" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-k99k-99mz-8uc5" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-r429-bk4p-g3er" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-xtjr-uufd-wqc8" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3" } ], "aliases": [ "CVE-2019-13161" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-966j-625d-6fa9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/179039?format=api", "vulnerability_id": "VCID-a151-bk88-hfhq", "summary": "Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-26499", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01464", "scoring_system": "epss", "scoring_elements": "0.813", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01464", "scoring_system": "epss", "scoring_elements": "0.8136", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01464", "scoring_system": "epss", "scoring_elements": "0.81368", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-26499" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651" }, { "reference_url": "https://security.gentoo.org/glsa/202412-03", "reference_id": "GLSA-202412-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202412-03" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1080406?format=api", "purl": "pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-csms-stcf-dkf4" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-k99k-99mz-8uc5" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-r429-bk4p-g3er" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-xtjr-uufd-wqc8" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3" } ], "aliases": [ "CVE-2022-26499" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a151-bk88-hfhq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/179034?format=api", "vulnerability_id": "VCID-aas9-5n54-c7cn", "summary": "Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-26717", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00421", "scoring_system": "epss", "scoring_elements": "0.62454", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00421", "scoring_system": "epss", "scoring_elements": "0.62555", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00421", "scoring_system": "epss", "scoring_elements": "0.62567", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00421", "scoring_system": "epss", "scoring_elements": "0.62562", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-26717" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26717", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26717" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983157", "reference_id": "983157", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983157" }, { "reference_url": "https://security.gentoo.org/glsa/202412-03", "reference_id": "GLSA-202412-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202412-03" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1080406?format=api", "purl": "pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-csms-stcf-dkf4" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-k99k-99mz-8uc5" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-r429-bk4p-g3er" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-xtjr-uufd-wqc8" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3" } ], "aliases": [ "CVE-2021-26717" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aas9-5n54-c7cn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/163806?format=api", "vulnerability_id": "VCID-avkx-5as3-jbar", "summary": "PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions up to and including 2.11.1 when in a dialog set (or forking) scenario, a hash key shared by multiple UAC dialogs can potentially be prematurely freed when one of the dialogs is destroyed . The issue may cause a dialog set to be registered in the hash table multiple times (with different hash keys) leading to undefined behavior such as dialog list collision which eventually leading to endless loop. A patch is available in commit db3235953baa56d2fb0e276ca510fefca751643f which will be included in the next release. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23608", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00784", "scoring_system": "epss", "scoring_elements": "0.74202", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00784", "scoring_system": "epss", "scoring_elements": "0.74287", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00784", "scoring_system": "epss", "scoring_elements": "0.74289", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00784", "scoring_system": "epss", "scoring_elements": "0.74277", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23608" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651" }, { "reference_url": "http://seclists.org/fulldisclosure/2022/Mar/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:53Z/" } ], "url": "http://seclists.org/fulldisclosure/2022/Mar/1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998", "reference_id": "1014998", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998" }, { "reference_url": "https://security.gentoo.org/glsa/202210-37", "reference_id": "202210-37", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:53Z/" } ], "url": "https://security.gentoo.org/glsa/202210-37" }, { "reference_url": "http://packetstormsecurity.com/files/166226/Asterisk-Project-Security-Advisory-AST-2022-005.html", "reference_id": "Asterisk-Project-Security-Advisory-AST-2022-005.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:53Z/" } ], "url": "http://packetstormsecurity.com/files/166226/Asterisk-Project-Security-Advisory-AST-2022-005.html" }, { "reference_url": "https://github.com/pjsip/pjproject/commit/db3235953baa56d2fb0e276ca510fefca751643f", "reference_id": "db3235953baa56d2fb0e276ca510fefca751643f", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:53Z/" } ], "url": "https://github.com/pjsip/pjproject/commit/db3235953baa56d2fb0e276ca510fefca751643f" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5285", "reference_id": "dsa-5285", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:53Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5285" }, { "reference_url": "https://github.com/pjsip/pjproject/security/advisories/GHSA-ffff-m5fm-qm62", "reference_id": "GHSA-ffff-m5fm-qm62", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:53Z/" } ], "url": "https://github.com/pjsip/pjproject/security/advisories/GHSA-ffff-m5fm-qm62" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html", "reference_id": "msg00021.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:53Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html", "reference_id": "msg00035.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:53Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html", "reference_id": "msg00038.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:53Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00040.html", "reference_id": "msg00040.html", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:53Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00040.html" }, { "reference_url": "https://usn.ubuntu.com/6422-1/", "reference_id": "USN-6422-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6422-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1080406?format=api", "purl": "pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-csms-stcf-dkf4" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-k99k-99mz-8uc5" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-r429-bk4p-g3er" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-xtjr-uufd-wqc8" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3" } ], "aliases": [ "CVE-2022-23608" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-avkx-5as3-jbar" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44537?format=api", "vulnerability_id": "VCID-b4uk-43sc-fbch", "summary": "An issue in the action_listcategories() function of Sangoma Asterisk v22/22.0.0/22.0.0-rc1/22.0.0-rc2/22.0.0-pre1 allows attackers to execute a path traversal.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-53566", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.21294", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.21119", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.21301", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.21315", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-53566" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53566", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53566" }, { "reference_url": "https://gist.github.com/hyp164D1/e7c0f44ffb38c00320aa1a6d98bee616", "reference_id": "e7c0f44ffb38c00320aa1a6d98bee616", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-02T17:37:51Z/" } ], "url": "https://gist.github.com/hyp164D1/e7c0f44ffb38c00320aa1a6d98bee616" }, { "reference_url": "https://github.com/asterisk/asterisk/blob/22/main/manager.c#L2556", "reference_id": "manager.c#L2556", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-02T17:37:51Z/" } ], "url": "https://github.com/asterisk/asterisk/blob/22/main/manager.c#L2556" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1075646?format=api", "purl": "pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1" } ], "aliases": [ "CVE-2024-53566" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b4uk-43sc-fbch" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/208990?format=api", "vulnerability_id": "VCID-b6ga-bw58-sbcz", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-46837", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32551", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32733", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32754", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00134", "scoring_system": "epss", "scoring_elements": "0.32731", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-46837" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018073", "reference_id": "1018073", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018073" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1080406?format=api", "purl": "pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-csms-stcf-dkf4" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-k99k-99mz-8uc5" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-r429-bk4p-g3er" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-xtjr-uufd-wqc8" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3" } ], "aliases": [ "CVE-2021-46837" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b6ga-bw58-sbcz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/179040?format=api", "vulnerability_id": "VCID-bh6w-tmrd-w7eb", "summary": "Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-26651", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00756", "scoring_system": "epss", "scoring_elements": "0.73709", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00756", "scoring_system": "epss", "scoring_elements": "0.73784", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00756", "scoring_system": "epss", "scoring_elements": "0.738", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00756", "scoring_system": "epss", "scoring_elements": "0.73799", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-26651" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651" }, { "reference_url": "https://security.gentoo.org/glsa/202412-03", "reference_id": "GLSA-202412-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202412-03" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1080406?format=api", "purl": "pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-csms-stcf-dkf4" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-k99k-99mz-8uc5" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-r429-bk4p-g3er" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-xtjr-uufd-wqc8" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3" } ], "aliases": [ "CVE-2022-26651" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bh6w-tmrd-w7eb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/145570?format=api", "vulnerability_id": "VCID-bpvn-c1qp-6fdj", "summary": "PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.13 and prior affects applications that use PJSIP DNS resolver. It doesn't affect PJSIP users who do not utilise PJSIP DNS resolver. This vulnerability is related to CVE-2022-24793. The difference is that this issue is in parsing the query record `parse_query()`, while the issue in CVE-2022-24793 is in `parse_rr()`. A patch is available as commit `d1c5e4d` in the `master` branch. A workaround is to disable DNS resolution in PJSIP config (by setting `nameserver_count` to zero) or use an external resolver implementation instead.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-27585", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00537", "scoring_system": "epss", "scoring_elements": "0.67973", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00537", "scoring_system": "epss", "scoring_elements": "0.6807", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00537", "scoring_system": "epss", "scoring_elements": "0.68074", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00537", "scoring_system": "epss", "scoring_elements": "0.68061", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-27585" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27585", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27585" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036697", "reference_id": "1036697", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036697" }, { "reference_url": "https://github.com/pjsip/pjproject/commit/d1c5e4da5bae7f220bc30719888bb389c905c0c5", "reference_id": "d1c5e4da5bae7f220bc30719888bb389c905c0c5", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:31:09Z/" } ], "url": "https://github.com/pjsip/pjproject/commit/d1c5e4da5bae7f220bc30719888bb389c905c0c5" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5438", "reference_id": "dsa-5438", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:31:09Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5438" }, { "reference_url": "https://github.com/pjsip/pjproject/security/advisories/GHSA-p6g5-v97c-w5q4", "reference_id": "GHSA-p6g5-v97c-w5q4", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:31:09Z/" } ], "url": "https://github.com/pjsip/pjproject/security/advisories/GHSA-p6g5-v97c-w5q4" }, { "reference_url": "https://github.com/pjsip/pjproject/security/advisories/GHSA-q9cp-8wcq-7pfr", "reference_id": "GHSA-q9cp-8wcq-7pfr", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:31:09Z/" } ], "url": "https://github.com/pjsip/pjproject/security/advisories/GHSA-q9cp-8wcq-7pfr" }, { "reference_url": "https://security.gentoo.org/glsa/202409-05", "reference_id": "GLSA-202409-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202409-05" }, { "reference_url": "https://www.pjsip.org/pjlib-util/docs/html/group__PJ__DNS__RESOLVER.htm", "reference_id": "group__PJ__DNS__RESOLVER.htm", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:31:09Z/" } ], "url": "https://www.pjsip.org/pjlib-util/docs/html/group__PJ__DNS__RESOLVER.htm" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00020.html", "reference_id": "msg00020.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:31:09Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00020.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html", "reference_id": "msg00038.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:31:09Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html" }, { "reference_url": "https://usn.ubuntu.com/6422-1/", "reference_id": "USN-6422-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6422-1/" }, { "reference_url": "https://usn.ubuntu.com/6422-2/", "reference_id": "USN-6422-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6422-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1080406?format=api", "purl": "pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-csms-stcf-dkf4" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-k99k-99mz-8uc5" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-r429-bk4p-g3er" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-xtjr-uufd-wqc8" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3" } ], "aliases": [ "CVE-2023-27585" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bpvn-c1qp-6fdj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/179042?format=api", "vulnerability_id": "VCID-csms-stcf-dkf4", "summary": "Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-49294", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.17085", "scoring_system": "epss", "scoring_elements": "0.95146", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.17085", "scoring_system": "epss", "scoring_elements": "0.95162", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.17085", "scoring_system": "epss", "scoring_elements": "0.95164", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.17085", "scoring_system": "epss", "scoring_elements": "0.95165", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-49294" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37457", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37457" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38703", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38703" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49294", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49294" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49786", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49786" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059032", "reference_id": "1059032", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059032" }, { "reference_url": "https://security.gentoo.org/glsa/202412-03", "reference_id": "GLSA-202412-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202412-03" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1075645?format=api", "purl": "pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-hgs7-nnt2-jbgj" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4" } ], "aliases": [ "CVE-2023-49294" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-csms-stcf-dkf4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/175997?format=api", "vulnerability_id": "VCID-d5bd-s7g5-fufn", "summary": "Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24763", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01399", "scoring_system": "epss", "scoring_elements": "0.80833", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01399", "scoring_system": "epss", "scoring_elements": "0.80893", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01399", "scoring_system": "epss", "scoring_elements": "0.80904", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01399", "scoring_system": "epss", "scoring_elements": "0.80895", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24763" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014976", "reference_id": "1014976", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014976" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998", "reference_id": "1014998", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998" }, { "reference_url": "https://usn.ubuntu.com/6422-1/", "reference_id": "USN-6422-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6422-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1080406?format=api", "purl": "pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-csms-stcf-dkf4" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-k99k-99mz-8uc5" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-r429-bk4p-g3er" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-xtjr-uufd-wqc8" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3" } ], "aliases": [ "CVE-2022-24763" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d5bd-s7g5-fufn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/167946?format=api", "vulnerability_id": "VCID-emwd-gd9k-mygd", "summary": "In Sangoma Asterisk through 16.28.0, 17.x and 18.x through 18.14.0, and 19.x through 19.6.0, an incoming Setup message to addons/ooh323c/src/ooq931.c with a malformed Calling or Called Party IE can cause a crash.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-37325", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0068", "scoring_system": "epss", "scoring_elements": "0.72079", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0068", "scoring_system": "epss", "scoring_elements": "0.72172", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0068", "scoring_system": "epss", "scoring_elements": "0.72176", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0068", "scoring_system": "epss", "scoring_elements": "0.72164", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-37325" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706" }, { "reference_url": "https://downloads.asterisk.org/pub/security/AST-2022-007.html", "reference_id": "AST-2022-007.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:38:25Z/" } ], "url": "https://downloads.asterisk.org/pub/security/AST-2022-007.html" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5358", "reference_id": "dsa-5358", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:38:25Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5358" }, { "reference_url": "https://security.gentoo.org/glsa/202412-03", "reference_id": "GLSA-202412-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202412-03" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html", "reference_id": "msg00029.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:38:25Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1080406?format=api", "purl": "pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-csms-stcf-dkf4" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-k99k-99mz-8uc5" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-r429-bk4p-g3er" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-xtjr-uufd-wqc8" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3" } ], "aliases": [ "CVE-2022-37325" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-emwd-gd9k-mygd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/120009?format=api", "vulnerability_id": "VCID-g5a4-b3bm-2ucb", "summary": "Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, SIP requests of the type MESSAGE (RFC 3428) authentication do not get proper alignment. An authenticated attacker can spoof any user identity to send spam messages to the user with their authorization token. Abuse of this security issue allows authenticated attackers to send fake chat messages can be spoofed to appear to come from trusted entities. Even administrators who follow Security best practices and Security Considerations can be impacted. Therefore, abuse can lead to spam and enable social engineering, phishing and similar attacks. Versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk fix the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-47779", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00279", "scoring_system": "epss", "scoring_elements": "0.51771", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00279", "scoring_system": "epss", "scoring_elements": "0.51644", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00279", "scoring_system": "epss", "scoring_elements": "0.51773", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00279", "scoring_system": "epss", "scoring_elements": "0.51785", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-47779" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47779", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47779" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106528", "reference_id": "1106528", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106528" }, { "reference_url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-2grh-7mhv-fcfw", "reference_id": "GHSA-2grh-7mhv-fcfw", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-22T17:25:58Z/" } ], "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-2grh-7mhv-fcfw" }, { "reference_url": "https://github.com/asterisk/asterisk/blob/master/configs/samples/pjsip.conf.sample", "reference_id": "pjsip.conf.sample", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-22T17:25:58Z/" } ], "url": "https://github.com/asterisk/asterisk/blob/master/configs/samples/pjsip.conf.sample" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1075646?format=api", "purl": "pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1" } ], "aliases": [ "CVE-2025-47779" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "6.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g5a4-b3bm-2ucb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66988?format=api", "vulnerability_id": "VCID-h8bb-7n23-cfak", "summary": "Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, user supplied/control values for Cookies and any GET variable query Parameter are directly interpolated into the HTML of the page using ast_str_append. The endpoint at GET /httpstatus is the potential vulnerable endpoint relating to asterisk/main /http.c. This issue has been patched in versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-23738", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22636", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22832", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22845", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22824", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-23738" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23738", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23738" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127438", "reference_id": "1127438", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127438" }, { "reference_url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-v6hp-wh3r-cwxh", "reference_id": "GHSA-v6hp-wh3r-cwxh", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-06T17:43:40Z/" } ], "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-v6hp-wh3r-cwxh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1075646?format=api", "purl": "pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1" } ], "aliases": [ "CVE-2026-23738" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h8bb-7n23-cfak" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/175993?format=api", "vulnerability_id": "VCID-js7f-w44p-rbgh", "summary": "Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-32686", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01675", "scoring_system": "epss", "scoring_elements": "0.82559", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01675", "scoring_system": "epss", "scoring_elements": "0.82621", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01675", "scoring_system": "epss", "scoring_elements": "0.82628", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01675", "scoring_system": "epss", "scoring_elements": "0.82623", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-32686" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32558", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32558" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32686", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32686" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998", "reference_id": "1014998", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991931", "reference_id": "991931", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991931" }, { "reference_url": "https://usn.ubuntu.com/8122-1/", "reference_id": "USN-8122-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8122-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1080406?format=api", "purl": "pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-csms-stcf-dkf4" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-k99k-99mz-8uc5" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-r429-bk4p-g3er" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-xtjr-uufd-wqc8" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3" } ], "aliases": [ "CVE-2021-32686" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-js7f-w44p-rbgh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/132990?format=api", "vulnerability_id": "VCID-k99k-99mz-8uc5", "summary": "Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP. Commit d7d7764cb07c8a1872804321302ef93bf62cba05 contains a fix, which is part of versions 18.20.1, 20.5.1, 21.0.1, amd 18.9-cert6.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-49786", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23188", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23002", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23199", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.2321", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-49786" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37457", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37457" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38703", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38703" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49294", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49294" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49786", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49786" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059033", "reference_id": "1059033", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059033" }, { "reference_url": "http://seclists.org/fulldisclosure/2023/Dec/24", "reference_id": "24", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:19:55Z/" } ], "url": "http://seclists.org/fulldisclosure/2023/Dec/24" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/12/15/7", "reference_id": "7", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:19:55Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/12/15/7" }, { "reference_url": "http://packetstormsecurity.com/files/176251/Asterisk-20.1.0-Denial-Of-Service.html", "reference_id": "Asterisk-20.1.0-Denial-Of-Service.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:19:55Z/" } ], "url": "http://packetstormsecurity.com/files/176251/Asterisk-20.1.0-Denial-Of-Service.html" }, { "reference_url": "https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05", "reference_id": "d7d7764cb07c8a1872804321302ef93bf62cba05", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:19:55Z/" } ], "url": "https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05" }, { "reference_url": "https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race", "reference_id": "ES2023-01-asterisk-dtls-hello-race", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:19:55Z/" } ], "url": "https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race" }, { "reference_url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq", "reference_id": "GHSA-hxj9-xwr8-w8pq", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:19:55Z/" } ], "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq" }, { "reference_url": "https://security.gentoo.org/glsa/202412-03", "reference_id": "GLSA-202412-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202412-03" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html", "reference_id": "msg00019.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:19:55Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1075645?format=api", "purl": "pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-hgs7-nnt2-jbgj" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4" } ], "aliases": [ "CVE-2023-49786" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k99k-99mz-8uc5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/208863?format=api", "vulnerability_id": "VCID-m6wj-knxg-5ybg", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-43299", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59707", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59815", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59827", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59818", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-43299" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998", "reference_id": "1014998", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998" }, { "reference_url": "https://usn.ubuntu.com/6422-1/", "reference_id": "USN-6422-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6422-1/" }, { "reference_url": "https://usn.ubuntu.com/8122-1/", "reference_id": "USN-8122-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8122-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1080406?format=api", "purl": "pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-csms-stcf-dkf4" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-k99k-99mz-8uc5" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-r429-bk4p-g3er" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-xtjr-uufd-wqc8" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3" } ], "aliases": [ "CVE-2021-43299" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m6wj-knxg-5ybg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/208864?format=api", "vulnerability_id": "VCID-marj-g3q8-3fdt", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-43300", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.62862", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.62964", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.62976", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.62972", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-43300" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998", "reference_id": "1014998", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998" }, { "reference_url": "https://usn.ubuntu.com/6422-1/", "reference_id": "USN-6422-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6422-1/" }, { "reference_url": "https://usn.ubuntu.com/8122-1/", "reference_id": "USN-8122-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8122-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1080406?format=api", "purl": "pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-csms-stcf-dkf4" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-k99k-99mz-8uc5" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-r429-bk4p-g3er" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-xtjr-uufd-wqc8" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3" } ], "aliases": [ "CVE-2021-43300" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-marj-g3q8-3fdt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/115896?format=api", "vulnerability_id": "VCID-mks4-6gne-xker", "summary": "A local privilege escalation vulnerability exists in the safe_asterisk script included with the Asterisk toolkit package. When Asterisk is started via this script (common in SysV init or FreePBX environments), it sources all .sh files located in /etc/asterisk/startup.d/ as root, without validating ownership or permissions.\n\n\nNon-root users with legitimate write access to /etc/asterisk can exploit this behaviour by placing malicious scripts in the startup.d directory, which will then execute with root privileges upon service restart.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1131", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20228", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20403", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20425", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20402", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-1131" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1131", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1131" }, { "reference_url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-v9q8-9j8m-5xwp", "reference_id": "GHSA-v9q8-9j8m-5xwp", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:N/V:C/RE:H/U:Amber" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-09-24T03:55:15Z/" } ], "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-v9q8-9j8m-5xwp" }, { "reference_url": "https://security.gentoo.org/glsa/202601-04", "reference_id": "GLSA-202601-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202601-04" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1075646?format=api", "purl": "pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1" } ], "aliases": [ "CVE-2025-1131" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mks4-6gne-xker" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/168286?format=api", "vulnerability_id": "VCID-mmg1-2mu6-tyey", "summary": "PJSIP is a free and open source multimedia communication library written in C. In versions of PJSIP prior to 2.13 the PJSIP parser, PJMEDIA RTP decoder, and PJMEDIA SDP parser are affeced by a buffer overflow vulnerability. Users connecting to untrusted clients are at risk. This issue has been patched and is available as commit c4d3498 in the master branch and will be included in releases 2.13 and later. Users are advised to upgrade. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-39244", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00325", "scoring_system": "epss", "scoring_elements": "0.55882", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00325", "scoring_system": "epss", "scoring_elements": "0.56004", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00325", "scoring_system": "epss", "scoring_elements": "0.56018", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00325", "scoring_system": "epss", "scoring_elements": "0.56002", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-39244" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706" }, { "reference_url": "https://security.gentoo.org/glsa/202210-37", "reference_id": "202210-37", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:48:20Z/" } ], "url": "https://security.gentoo.org/glsa/202210-37" }, { "reference_url": "https://github.com/pjsip/pjproject/commit/c4d34984ec92b3d5252a7d5cddd85a1d3a8001ae", "reference_id": "c4d34984ec92b3d5252a7d5cddd85a1d3a8001ae", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:48:20Z/" } ], "url": "https://github.com/pjsip/pjproject/commit/c4d34984ec92b3d5252a7d5cddd85a1d3a8001ae" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5358", "reference_id": "dsa-5358", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:48:20Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5358" }, { "reference_url": "https://github.com/pjsip/pjproject/security/advisories/GHSA-fq45-m3f7-3mhj", "reference_id": "GHSA-fq45-m3f7-3mhj", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:48:20Z/" } ], "url": "https://github.com/pjsip/pjproject/security/advisories/GHSA-fq45-m3f7-3mhj" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html", "reference_id": "msg00029.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:48:20Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html", "reference_id": "msg00038.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:48:20Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html" }, { "reference_url": "https://usn.ubuntu.com/6422-1/", "reference_id": "USN-6422-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6422-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1080406?format=api", "purl": "pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-csms-stcf-dkf4" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-k99k-99mz-8uc5" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-r429-bk4p-g3er" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-xtjr-uufd-wqc8" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3" } ], "aliases": [ "CVE-2022-39244" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mmg1-2mu6-tyey" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/87918?format=api", "vulnerability_id": "VCID-mspu-bd2w-7qdw", "summary": "Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 18.26.4 and 18.9-cert17, RTP UDP ports and internal resources can leak due to a lack of session termination. This could result in leaks and resource exhaustion. This issue has been patched in versions 18.26.4 and 18.9-cert17.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54995", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01327", "scoring_system": "epss", "scoring_elements": "0.80413", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01416", "scoring_system": "epss", "scoring_elements": "0.81053", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01416", "scoring_system": "epss", "scoring_elements": "0.81044", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01416", "scoring_system": "epss", "scoring_elements": "0.80984", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54995" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54995", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54995" }, { "reference_url": "https://github.com/asterisk/asterisk/commit/0278f5bde14565c6838a6ec39bc21aee0cde56a9", "reference_id": "0278f5bde14565c6838a6ec39bc21aee0cde56a9", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-28T18:53:35Z/" } ], "url": "https://github.com/asterisk/asterisk/commit/0278f5bde14565c6838a6ec39bc21aee0cde56a9" }, { "reference_url": "https://github.com/asterisk/asterisk/pull/1405", "reference_id": "1405", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-28T18:53:35Z/" } ], "url": "https://github.com/asterisk/asterisk/pull/1405" }, { "reference_url": "https://github.com/asterisk/asterisk/pull/1406", "reference_id": "1406", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-28T18:53:35Z/" } ], "url": "https://github.com/asterisk/asterisk/pull/1406" }, { "reference_url": "https://github.com/asterisk/asterisk/commit/eafcd7a451dcd007dddf324ac37dd55a4808338d", "reference_id": "eafcd7a451dcd007dddf324ac37dd55a4808338d", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-28T18:53:35Z/" } ], "url": "https://github.com/asterisk/asterisk/commit/eafcd7a451dcd007dddf324ac37dd55a4808338d" }, { "reference_url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-557q-795j-wfx2", "reference_id": "GHSA-557q-795j-wfx2", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-28T18:53:35Z/" } ], "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-557q-795j-wfx2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1075646?format=api", "purl": "pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1" } ], "aliases": [ "CVE-2025-54995" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mspu-bd2w-7qdw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/175998?format=api", "vulnerability_id": "VCID-mssd-d438-7yga", "summary": "Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24786", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00738", "scoring_system": "epss", "scoring_elements": "0.73314", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00738", "scoring_system": "epss", "scoring_elements": "0.73391", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00738", "scoring_system": "epss", "scoring_elements": "0.73406", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00738", "scoring_system": "epss", "scoring_elements": "0.73404", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24786" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014976", "reference_id": "1014976", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014976" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1080406?format=api", "purl": "pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-csms-stcf-dkf4" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-k99k-99mz-8uc5" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-r429-bk4p-g3er" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-xtjr-uufd-wqc8" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3" } ], "aliases": [ "CVE-2022-24786" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mssd-d438-7yga" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/167213?format=api", "vulnerability_id": "VCID-nt4b-2zg8-gya2", "summary": "PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions prior to and including 2.12.1 a stack buffer overflow vulnerability affects PJSIP users that use STUN in their applications, either by: setting a STUN server in their account/media config in PJSUA/PJSUA2 level, or directly using `pjlib-util/stun_simple` API. A patch is available in commit 450baca which should be included in the next release. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31031", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00721", "scoring_system": "epss", "scoring_elements": "0.72955", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00721", "scoring_system": "epss", "scoring_elements": "0.73046", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00721", "scoring_system": "epss", "scoring_elements": "0.73048", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00721", "scoring_system": "epss", "scoring_elements": "0.73033", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31031" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1017004", "reference_id": "1017004", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1017004" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1017005", "reference_id": "1017005", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1017005" }, { "reference_url": "https://security.gentoo.org/glsa/202210-37", "reference_id": "202210-37", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:49:22Z/" } ], "url": "https://security.gentoo.org/glsa/202210-37" }, { "reference_url": "https://github.com/pjsip/pjproject/commit/450baca94f475345542c6953832650c390889202", "reference_id": "450baca94f475345542c6953832650c390889202", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:49:22Z/" } ], "url": "https://github.com/pjsip/pjproject/commit/450baca94f475345542c6953832650c390889202" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5358", "reference_id": "dsa-5358", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:49:22Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5358" }, { "reference_url": "https://github.com/pjsip/pjproject/security/advisories/GHSA-26j7-ww69-c4qj", "reference_id": "GHSA-26j7-ww69-c4qj", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:49:22Z/" } ], "url": "https://github.com/pjsip/pjproject/security/advisories/GHSA-26j7-ww69-c4qj" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html", "reference_id": "msg00029.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:49:22Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html", "reference_id": "msg00038.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:49:22Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html" }, { "reference_url": "https://usn.ubuntu.com/6422-1/", "reference_id": "USN-6422-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6422-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1080406?format=api", "purl": "pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-csms-stcf-dkf4" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-k99k-99mz-8uc5" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-r429-bk4p-g3er" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-xtjr-uufd-wqc8" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3" } ], "aliases": [ "CVE-2022-31031" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nt4b-2zg8-gya2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/173386?format=api", "vulnerability_id": "VCID-nuyk-gtnh-t3g2", "summary": "PJSIP is a free and open source multimedia communication library written in C. Versions 2.12 and prior contain a stack buffer overflow vulnerability that affects PJSUA2 users or users that call the API `pjmedia_sdp_print(), pjmedia_sdp_media_print()`. Applications that do not use PJSUA2 and do not directly call `pjmedia_sdp_print()` or `pjmedia_sdp_media_print()` should not be affected. A patch is available on the `master` branch of the `pjsip/pjproject` GitHub repository. There are currently no known workarounds.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24764", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01506", "scoring_system": "epss", "scoring_elements": "0.81575", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01506", "scoring_system": "epss", "scoring_elements": "0.81645", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01506", "scoring_system": "epss", "scoring_elements": "0.81636", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014976", "reference_id": "1014976", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014976" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998", "reference_id": "1014998", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998" }, { "reference_url": "https://security.gentoo.org/glsa/202210-37", "reference_id": "202210-37", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:28Z/" } ], "url": "https://security.gentoo.org/glsa/202210-37" }, { "reference_url": "https://github.com/pjsip/pjproject/commit/560a1346f87aabe126509bb24930106dea292b00", "reference_id": "560a1346f87aabe126509bb24930106dea292b00", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:28Z/" } ], "url": "https://github.com/pjsip/pjproject/commit/560a1346f87aabe126509bb24930106dea292b00" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5285", "reference_id": "dsa-5285", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:28Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5285" }, { "reference_url": "https://github.com/pjsip/pjproject/security/advisories/GHSA-f5qg-pqcg-765m", "reference_id": "GHSA-f5qg-pqcg-765m", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:28Z/" } ], "url": "https://github.com/pjsip/pjproject/security/advisories/GHSA-f5qg-pqcg-765m" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html", "reference_id": "msg00021.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:28Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html", "reference_id": "msg00035.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:28Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html", "reference_id": "msg00038.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:28Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html" }, { "reference_url": "https://usn.ubuntu.com/6422-1/", "reference_id": "USN-6422-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6422-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1080406?format=api", "purl": "pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-csms-stcf-dkf4" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-k99k-99mz-8uc5" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-r429-bk4p-g3er" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-xtjr-uufd-wqc8" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3" } ], "aliases": [ "CVE-2022-24764" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nuyk-gtnh-t3g2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/208865?format=api", "vulnerability_id": "VCID-nvcm-fd6a-nkbg", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-43301", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.62862", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.62964", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.62976", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.62972", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-43301" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998", "reference_id": "1014998", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998" }, { "reference_url": "https://usn.ubuntu.com/6422-1/", "reference_id": "USN-6422-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6422-1/" }, { "reference_url": "https://usn.ubuntu.com/8122-1/", "reference_id": "USN-8122-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8122-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1080406?format=api", "purl": "pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-csms-stcf-dkf4" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-k99k-99mz-8uc5" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-r429-bk4p-g3er" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-xtjr-uufd-wqc8" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3" } ], "aliases": [ "CVE-2021-43301" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nvcm-fd6a-nkbg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/131886?format=api", "vulnerability_id": "VCID-r429-bk4p-g3er", "summary": "PJSIP is a free and open source multimedia communication library written in C with high level API in C, C++, Java, C#, and Python languages. SRTP is a higher level media transport which is stacked upon a lower level media transport such as UDP and ICE. Currently a higher level transport is not synchronized with its lower level transport that may introduce use-after-free issue. This vulnerability affects applications that have SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying media transport other than UDP. This vulnerability’s impact may range from unexpected application termination to control flow hijack/memory corruption. The patch is available as a commit in the master branch.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-38703", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51757", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51884", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.519", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51887", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-38703" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37457", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37457" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38703", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38703" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49294", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49294" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49786", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49786" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059303", "reference_id": "1059303", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059303" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059307", "reference_id": "1059307", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059307" }, { "reference_url": "https://github.com/pjsip/pjproject/commit/6dc9b8c181aff39845f02b4626e0812820d4ef0d", "reference_id": "6dc9b8c181aff39845f02b4626e0812820d4ef0d", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-19T18:46:16Z/" } ], "url": "https://github.com/pjsip/pjproject/commit/6dc9b8c181aff39845f02b4626e0812820d4ef0d" }, { "reference_url": "https://github.com/pjsip/pjproject/security/advisories/GHSA-f76w-fh7c-pc66", "reference_id": "GHSA-f76w-fh7c-pc66", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-19T18:46:16Z/" } ], "url": "https://github.com/pjsip/pjproject/security/advisories/GHSA-f76w-fh7c-pc66" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html", "reference_id": "msg00019.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-19T18:46:16Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1075645?format=api", "purl": "pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-hgs7-nnt2-jbgj" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4" } ], "aliases": [ "CVE-2023-38703" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r429-bk4p-g3er" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/119923?format=api", "vulnerability_id": "VCID-rbr5-7fna-q3f6", "summary": "Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, trying to disallow shell commands to be run via the Asterisk command line interface (CLI) by configuring `cli_permissions.conf` (e.g. with the config line `deny=!*`) does not work which could lead to a security risk. If an administrator running an Asterisk instance relies on the `cli_permissions.conf` file to work and expects it to deny all attempts to execute shell commands, then this could lead to a security vulnerability. Versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk fix the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-47780", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00454", "scoring_system": "epss", "scoring_elements": "0.6423", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00454", "scoring_system": "epss", "scoring_elements": "0.64332", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00454", "scoring_system": "epss", "scoring_elements": "0.64345", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00454", "scoring_system": "epss", "scoring_elements": "0.64341", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-47780" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47780", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47780" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106530", "reference_id": "1106530", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106530" }, { "reference_url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-c7p6-7mvq-8jq2", "reference_id": "GHSA-c7p6-7mvq-8jq2", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-22T17:24:44Z/" } ], "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-c7p6-7mvq-8jq2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1075646?format=api", "purl": "pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1" } ], "aliases": [ "CVE-2025-47780" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rbr5-7fna-q3f6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/175994?format=api", "vulnerability_id": "VCID-tux5-7r7x-2kdf", "summary": "Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-37706", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00505", "scoring_system": "epss", "scoring_elements": "0.66644", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00505", "scoring_system": "epss", "scoring_elements": "0.66736", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00505", "scoring_system": "epss", "scoring_elements": "0.6675", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00505", "scoring_system": "epss", "scoring_elements": "0.66749", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-37706" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998", "reference_id": "1014998", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998" }, { "reference_url": "https://usn.ubuntu.com/6422-1/", "reference_id": "USN-6422-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6422-1/" }, { "reference_url": "https://usn.ubuntu.com/6422-2/", "reference_id": "USN-6422-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6422-2/" }, { "reference_url": "https://usn.ubuntu.com/8122-1/", "reference_id": "USN-8122-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8122-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1080406?format=api", "purl": "pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-csms-stcf-dkf4" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-k99k-99mz-8uc5" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-r429-bk4p-g3er" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-xtjr-uufd-wqc8" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3" } ], "aliases": [ "CVE-2021-37706" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tux5-7r7x-2kdf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66837?format=api", "vulnerability_id": "VCID-u654-2myp-67e8", "summary": "Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the ast_xml_open() function in xml.c parses XML documents using libxml with unsafe parsing options that enable entity expansion and XInclude processing. Specifically, it invokes xmlReadFile() with the XML_PARSE_NOENT flag and later processes XIncludes via xmlXIncludeProcess().If any untrusted or user-supplied XML file is passed to this function, it can allow an attacker to trigger XML External Entity (XXE) or XInclude-based local file disclosure, potentially exposing sensitive files from the host system. This can also be triggered in other cases in which the user is able to supply input in xml format that triggers the asterisk process to parse it. This issue has been patched in versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23739.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23739.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-23739", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22571", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22766", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22779", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22759", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-23739" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23739", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23739" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127438", "reference_id": "1127438", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127438" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437909", "reference_id": "2437909", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437909" }, { "reference_url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-85x7-54wr-vh42", "reference_id": "GHSA-85x7-54wr-vh42", "reference_type": "", "scores": [ { "value": "2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-06T17:36:34Z/" } ], "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-85x7-54wr-vh42" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1075646?format=api", "purl": "pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1" } ], "aliases": [ "CVE-2026-23739" ], "risk_score": 0.9, "exploitability": "0.5", "weighted_severity": "1.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u654-2myp-67e8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/179030?format=api", "vulnerability_id": "VCID-uu3k-v1gc-x7f8", "summary": "Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35776", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24629", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24828", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24841", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24825", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35776" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35776", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35776" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983158", "reference_id": "983158", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983158" }, { "reference_url": "https://security.gentoo.org/glsa/202412-03", "reference_id": "GLSA-202412-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202412-03" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1080406?format=api", "purl": "pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-csms-stcf-dkf4" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-k99k-99mz-8uc5" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-r429-bk4p-g3er" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-xtjr-uufd-wqc8" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3" } ], "aliases": [ "CVE-2020-35776" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uu3k-v1gc-x7f8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66865?format=api", "vulnerability_id": "VCID-vvt7-cetm-4ydt", "summary": "Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the asterisk/contrib/scripts/ast_coredumper runs as root, as noted by the NOTES tag on line 689 of the ast_coredumper file. The script will source the contents of /etc/asterisk/ast_debug_tools.conf, which resides in a folder that is writeable by the asterisk user:group. Due to the /etc/asterisk/ast_debug_tools.conf file following bash semantics and it being loaded; an attacker with write permissions may add or modify the file such that when the root ast_coredumper is run; it would source and thereby execute arbitrary bash code found in the /etc/asterisk/ast_debug_tools.conf. This issue has been patched in versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-23741", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17386", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.1755", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17567", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.1754", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-23741" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23741", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23741" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127438", "reference_id": "1127438", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127438" }, { "reference_url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-rvch-3jmx-3jf3", "reference_id": "GHSA-rvch-3jmx-3jf3", "reference_type": "", "scores": [ { "value": "0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-06T17:22:49Z/" } ], "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-rvch-3jmx-3jf3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1075646?format=api", "purl": "pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1" } ], "aliases": [ "CVE-2026-23741" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vvt7-cetm-4ydt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/207057?format=api", "vulnerability_id": "VCID-wcrz-h8xd-cbez", "summary": "An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-cert4. A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafted Originate AMI request to execute arbitrary system commands.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-18610", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.41746", "scoring_system": "epss", "scoring_elements": "0.97511", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.41746", "scoring_system": "epss", "scoring_elements": "0.9752", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.41746", "scoring_system": "epss", "scoring_elements": "0.97522", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.41746", "scoring_system": "epss", "scoring_elements": "0.97523", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-18610" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18610", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18610" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947377", "reference_id": "947377", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947377" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1080406?format=api", "purl": "pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-csms-stcf-dkf4" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-k99k-99mz-8uc5" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-r429-bk4p-g3er" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-xtjr-uufd-wqc8" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3" } ], "aliases": [ "CVE-2019-18610" ], "risk_score": 0.2, "exploitability": "0.5", "weighted_severity": "0.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wcrz-h8xd-cbez" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/206760?format=api", "vulnerability_id": "VCID-x29s-dc4y-jyf5", "summary": "Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and earlier allows remote authenticated users to crash Asterisk by sending a specially crafted SIP MESSAGE message.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12827", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.18415", "scoring_system": "epss", "scoring_elements": "0.95384", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.18415", "scoring_system": "epss", "scoring_elements": "0.95398", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.18415", "scoring_system": "epss", "scoring_elements": "0.95403", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.18415", "scoring_system": "epss", "scoring_elements": "0.95405", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12827" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931980", "reference_id": "931980", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931980" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1080406?format=api", "purl": "pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-csms-stcf-dkf4" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-k99k-99mz-8uc5" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-r429-bk4p-g3er" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-xtjr-uufd-wqc8" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3" } ], "aliases": [ "CVE-2019-12827" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x29s-dc4y-jyf5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/173271?format=api", "vulnerability_id": "VCID-x9x1-xcqa-5qdw", "summary": "PJSIP is a free and open source multimedia communication library written in C. A denial-of-service vulnerability affects applications on a 32-bit systems that use PJSIP versions 2.12 and prior to play/read invalid WAV files. The vulnerability occurs when reading WAV file data chunks with length greater than 31-bit integers. The vulnerability does not affect 64-bit apps and should not affect apps that only plays trusted WAV files. A patch is available on the `master` branch of the `pjsip/project` GitHub repository. As a workaround, apps can reject a WAV file received from an unknown source or validate the file first.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24792", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01612", "scoring_system": "epss", "scoring_elements": "0.82183", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01612", "scoring_system": "epss", "scoring_elements": "0.82248", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01612", "scoring_system": "epss", "scoring_elements": "0.82254", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01612", "scoring_system": "epss", "scoring_elements": "0.82245", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014976", "reference_id": "1014976", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014976" }, { "reference_url": "https://security.gentoo.org/glsa/202210-37", "reference_id": "202210-37", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:55:19Z/" } ], "url": "https://security.gentoo.org/glsa/202210-37" }, { "reference_url": "https://github.com/pjsip/pjproject/commit/947bc1ee6d05be10204b918df75a503415fd3213", "reference_id": "947bc1ee6d05be10204b918df75a503415fd3213", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:55:19Z/" } ], "url": "https://github.com/pjsip/pjproject/commit/947bc1ee6d05be10204b918df75a503415fd3213" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5285", "reference_id": "dsa-5285", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:55:19Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5285" }, { "reference_url": "https://github.com/pjsip/pjproject/security/advisories/GHSA-rwgw-vwxg-q799", "reference_id": "GHSA-rwgw-vwxg-q799", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:55:19Z/" } ], "url": "https://github.com/pjsip/pjproject/security/advisories/GHSA-rwgw-vwxg-q799" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html", "reference_id": "msg00021.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:55:19Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00047.html", "reference_id": "msg00047.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:55:19Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00047.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1080406?format=api", "purl": "pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-csms-stcf-dkf4" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-k99k-99mz-8uc5" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-r429-bk4p-g3er" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-xtjr-uufd-wqc8" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3" } ], "aliases": [ "CVE-2022-24792" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x9x1-xcqa-5qdw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/166275?format=api", "vulnerability_id": "VCID-xb6q-6m1c-5yfj", "summary": "A use-after-free in res_pjsip_pubsub.c in Sangoma Asterisk 16.28, 18.14, 19.6, and certified/18.9-cert2 may allow a remote authenticated attacker to crash Asterisk (denial of service) by performing activity on a subscription via a reliable transport at the same time that Asterisk is also performing activity on that subscription.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-42705", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01516", "scoring_system": "epss", "scoring_elements": "0.81627", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01516", "scoring_system": "epss", "scoring_elements": "0.81688", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01516", "scoring_system": "epss", "scoring_elements": "0.81696", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01516", "scoring_system": "epss", "scoring_elements": "0.81687", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-42705" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706" }, { "reference_url": "https://downloads.asterisk.org/pub/security/AST-2022-008.html", "reference_id": "AST-2022-008.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:25:02Z/" } ], "url": "https://downloads.asterisk.org/pub/security/AST-2022-008.html" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5358", "reference_id": "dsa-5358", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:25:02Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5358" }, { "reference_url": "https://security.gentoo.org/glsa/202412-03", "reference_id": "GLSA-202412-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202412-03" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html", "reference_id": "msg00029.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:25:02Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1080406?format=api", "purl": "pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-csms-stcf-dkf4" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-k99k-99mz-8uc5" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-r429-bk4p-g3er" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-xtjr-uufd-wqc8" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3" } ], "aliases": [ "CVE-2022-42705" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xb6q-6m1c-5yfj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/179041?format=api", "vulnerability_id": "VCID-xtjr-uufd-wqc8", "summary": "Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-37457", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22362", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22555", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22568", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.2255", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-37457" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37457", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37457" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38703", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38703" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49294", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49294" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49786", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49786" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059303", "reference_id": "1059303", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059303" }, { "reference_url": "https://security.gentoo.org/glsa/202412-03", "reference_id": "GLSA-202412-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202412-03" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1075645?format=api", "purl": "pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-hgs7-nnt2-jbgj" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4" } ], "aliases": [ "CVE-2023-37457" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xtjr-uufd-wqc8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66921?format=api", "vulnerability_id": "VCID-xx9n-5x9g-9fdd", "summary": "Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, when ast_coredumper writes its gdb init and output files to a directory that is world-writable (for example /tmp), an attacker with write permission(which is all users on a linux system) to that directory can cause root to execute arbitrary commands or overwrite arbitrary files by controlling the gdb init file and output paths. This issue has been patched in versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23740.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23740.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-23740", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.06237", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.06245", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.06267", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.06255", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-23740" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23740", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23740" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127438", "reference_id": "1127438", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127438" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437723", "reference_id": "2437723", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437723" }, { "reference_url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-xpc6-x892-v83c", "reference_id": "GHSA-xpc6-x892-v83c", "reference_type": "", "scores": [ { "value": "0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N" }, { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-06T19:11:52Z/" } ], "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-xpc6-x892-v83c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1075646?format=api", "purl": "pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1" } ], "aliases": [ "CVE-2026-23740" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xx9n-5x9g-9fdd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/163881?format=api", "vulnerability_id": "VCID-xzgv-h1e1-2fhm", "summary": "PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. This issue is similar to GHSA-9pfh-r8x4-w26w. Possible buffer overread when parsing a certain STUN message. The vulnerability affects applications that uses STUN including PJNATH and PJSUA-LIB. The patch is available as commit in the master branch.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23547", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00448", "scoring_system": "epss", "scoring_elements": "0.63966", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00448", "scoring_system": "epss", "scoring_elements": "0.64079", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00448", "scoring_system": "epss", "scoring_elements": "0.64082", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00448", "scoring_system": "epss", "scoring_elements": "0.64069", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23547" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032092", "reference_id": "1032092", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032092" }, { "reference_url": "https://github.com/pjsip/pjproject/commit/bc4812d31a67d5e2f973fbfaf950d6118226cf36", "reference_id": "bc4812d31a67d5e2f973fbfaf950d6118226cf36", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T03:11:54Z/" } ], "url": "https://github.com/pjsip/pjproject/commit/bc4812d31a67d5e2f973fbfaf950d6118226cf36" }, { "reference_url": "https://github.com/pjsip/pjproject/security/advisories/GHSA-9pfh-r8x4-w26w", "reference_id": "GHSA-9pfh-r8x4-w26w", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T03:11:54Z/" } ], "url": "https://github.com/pjsip/pjproject/security/advisories/GHSA-9pfh-r8x4-w26w" }, { "reference_url": "https://github.com/pjsip/pjproject/security/advisories/GHSA-cxwq-5g9x-x7fr", "reference_id": "GHSA-cxwq-5g9x-x7fr", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T03:11:54Z/" } ], "url": "https://github.com/pjsip/pjproject/security/advisories/GHSA-cxwq-5g9x-x7fr" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html", "reference_id": "msg00038.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T03:11:54Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html" }, { "reference_url": "https://usn.ubuntu.com/6422-1/", "reference_id": "USN-6422-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6422-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1080406?format=api", "purl": "pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-csms-stcf-dkf4" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-k99k-99mz-8uc5" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-r429-bk4p-g3er" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-xtjr-uufd-wqc8" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3" } ], "aliases": [ "CVE-2022-23547" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xzgv-h1e1-2fhm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/179035?format=api", "vulnerability_id": "VCID-year-eh79-qfc2", "summary": "Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-26906", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00811", "scoring_system": "epss", "scoring_elements": "0.74668", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00811", "scoring_system": "epss", "scoring_elements": "0.74739", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00811", "scoring_system": "epss", "scoring_elements": "0.74752", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00811", "scoring_system": "epss", "scoring_elements": "0.74749", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-26906" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26906", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26906" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983159", "reference_id": "983159", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983159" }, { "reference_url": "https://security.gentoo.org/glsa/202412-03", "reference_id": "GLSA-202412-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202412-03" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1080406?format=api", "purl": "pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-csms-stcf-dkf4" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-k99k-99mz-8uc5" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-r429-bk4p-g3er" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-xtjr-uufd-wqc8" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3" } ], "aliases": [ "CVE-2021-26906" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-year-eh79-qfc2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/169944?format=api", "vulnerability_id": "VCID-yqr3-7hk1-zfad", "summary": "PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In version 2.11.1 and prior, there are various cases where it is possible that certain incoming RTP/RTCP packets can potentially cause out-of-bound read access. This issue affects all users that use PJMEDIA and accept incoming RTP/RTCP. A patch is available as a commit in the `master` branch. There are no known workarounds.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21722", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00462", "scoring_system": "epss", "scoring_elements": "0.6462", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00462", "scoring_system": "epss", "scoring_elements": "0.64731", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00462", "scoring_system": "epss", "scoring_elements": "0.64735", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00462", "scoring_system": "epss", "scoring_elements": "0.64723", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21722" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998", "reference_id": "1014998", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998" }, { "reference_url": "https://security.gentoo.org/glsa/202210-37", "reference_id": "202210-37", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:54Z/" } ], "url": "https://security.gentoo.org/glsa/202210-37" }, { "reference_url": "https://github.com/pjsip/pjproject/commit/22af44e68a0c7d190ac1e25075e1382f77e9397a", "reference_id": "22af44e68a0c7d190ac1e25075e1382f77e9397a", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:54Z/" } ], "url": "https://github.com/pjsip/pjproject/commit/22af44e68a0c7d190ac1e25075e1382f77e9397a" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5285", "reference_id": "dsa-5285", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:54Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5285" }, { "reference_url": "https://github.com/pjsip/pjproject/security/advisories/GHSA-m66q-q64c-hv36", "reference_id": "GHSA-m66q-q64c-hv36", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:54Z/" } ], "url": "https://github.com/pjsip/pjproject/security/advisories/GHSA-m66q-q64c-hv36" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html", "reference_id": "msg00021.html", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:54Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html", "reference_id": "msg00035.html", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:54Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html", "reference_id": "msg00038.html", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:54Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html" }, { "reference_url": "https://usn.ubuntu.com/6422-1/", "reference_id": "USN-6422-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6422-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1080406?format=api", "purl": "pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-csms-stcf-dkf4" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-k99k-99mz-8uc5" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-r429-bk4p-g3er" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-xtjr-uufd-wqc8" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3" } ], "aliases": [ "CVE-2022-21722" ], "risk_score": 4.1, "exploitability": "0.5", "weighted_severity": "8.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yqr3-7hk1-zfad" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/208867?format=api", "vulnerability_id": "VCID-z7pf-n9uf-7ff3", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-43303", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.62862", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.62964", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.62976", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.62972", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-43303" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998", "reference_id": "1014998", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998" }, { "reference_url": "https://usn.ubuntu.com/6422-1/", "reference_id": "USN-6422-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6422-1/" }, { "reference_url": "https://usn.ubuntu.com/8122-1/", "reference_id": "USN-8122-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8122-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1080406?format=api", "purl": "pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-csms-stcf-dkf4" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-k99k-99mz-8uc5" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-r429-bk4p-g3er" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-xtjr-uufd-wqc8" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3" } ], "aliases": [ "CVE-2021-43303" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z7pf-n9uf-7ff3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/207953?format=api", "vulnerability_id": "VCID-zbbe-qnd8-4yau", "summary": "A res_pjsip_session crash was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1. and Certified Asterisk before 16.8-cert5. Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced. This caused a gap between the creation of the dialog object, and its next use by the thread that created it. Depending on some off-nominal circumstances and timing, it was possible for another thread to free said dialog in this gap. Asterisk could then crash when the dialog object, or any of its dependent objects, were dereferenced or accessed next by the initial-creation thread. Note, however, that this crash can only occur when using a connection-oriented protocol (e.g., TCP or TLS, but not UDP) for SIP transport. Also, the remote client must be authenticated, or Asterisk must be configured for anonymous calling.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28327", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02188", "scoring_system": "epss", "scoring_elements": "0.84741", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.02188", "scoring_system": "epss", "scoring_elements": "0.84794", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.02188", "scoring_system": "epss", "scoring_elements": "0.84803", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.02188", "scoring_system": "epss", "scoring_elements": "0.84795", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28327" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28327", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28327" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=974712", "reference_id": "974712", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=974712" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1080406?format=api", "purl": "pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-csms-stcf-dkf4" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-k99k-99mz-8uc5" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-r429-bk4p-g3er" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-xtjr-uufd-wqc8" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3" } ], "aliases": [ "CVE-2020-28327" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zbbe-qnd8-4yau" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/207951?format=api", "vulnerability_id": "VCID-zwsy-26a5-tudy", "summary": "An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Certified Asterisk before 16.8-cert5. If Asterisk is challenged on an outbound INVITE and the nonce is changed in each response, Asterisk will continually send INVITEs in a loop. This causes Asterisk to consume more and more memory since the transaction will never terminate (even if the call is hung up), ultimately leading to a restart or shutdown of Asterisk. Outbound authentication must be configured on the endpoint for this to occur.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28242", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00407", "scoring_system": "epss", "scoring_elements": "0.61578", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00407", "scoring_system": "epss", "scoring_elements": "0.61681", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00407", "scoring_system": "epss", "scoring_elements": "0.61689", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00407", "scoring_system": "epss", "scoring_elements": "0.61685", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28242" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28242", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28242" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=974713", "reference_id": "974713", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=974713" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1080406?format=api", "purl": "pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-csms-stcf-dkf4" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-k99k-99mz-8uc5" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-r429-bk4p-g3er" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-xtjr-uufd-wqc8" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3" } ], "aliases": [ "CVE-2020-28242" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zwsy-26a5-tudy" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/176635?format=api", "vulnerability_id": "VCID-1j6s-5929-jba5", "summary": "Multiple vulnerabilities have been found in Asterisk, the worst of\n which could result in a Denial of Service condition.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16672", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05269", "scoring_system": "epss", "scoring_elements": "0.90211", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.05269", "scoring_system": "epss", "scoring_elements": "0.90241", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.05269", "scoring_system": "epss", "scoring_elements": "0.9025", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.05269", "scoring_system": "epss", "scoring_elements": "0.90248", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16672" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16672", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16672" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881256", "reference_id": "881256", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881256" }, { "reference_url": "https://security.gentoo.org/glsa/201811-11", "reference_id": "GLSA-201811-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201811-11" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1079855?format=api", "purl": "pkg:deb/debian/asterisk@1:16.2.1~dfsg-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-26cq-wj3k-fqb9" }, { "vulnerability": "VCID-285z-mgz1-q7cd" }, { "vulnerability": "VCID-3azv-xr5c-ckcf" }, { "vulnerability": "VCID-41pk-9azt-hqdx" }, { "vulnerability": "VCID-4ty4-xrdd-2kee" }, { "vulnerability": "VCID-546z-qwur-13h1" }, { "vulnerability": "VCID-591f-657m-77d7" }, { "vulnerability": "VCID-5sjg-t3ja-57be" }, { "vulnerability": "VCID-62p4-jvnj-8kfc" }, { "vulnerability": "VCID-6443-b986-kfb6" }, { "vulnerability": "VCID-6be8-mh9n-abhd" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-7ah9-w27g-ckg6" }, { "vulnerability": "VCID-82hr-cs3x-fqg9" }, { "vulnerability": "VCID-966j-625d-6fa9" }, { "vulnerability": "VCID-a151-bk88-hfhq" }, { "vulnerability": "VCID-aas9-5n54-c7cn" }, { "vulnerability": "VCID-avkx-5as3-jbar" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-b6ga-bw58-sbcz" }, { "vulnerability": "VCID-bh6w-tmrd-w7eb" }, { "vulnerability": "VCID-bpvn-c1qp-6fdj" }, { "vulnerability": "VCID-csms-stcf-dkf4" }, { "vulnerability": "VCID-d5bd-s7g5-fufn" }, { "vulnerability": "VCID-emwd-gd9k-mygd" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-js7f-w44p-rbgh" }, { "vulnerability": "VCID-k99k-99mz-8uc5" }, { "vulnerability": "VCID-m6wj-knxg-5ybg" }, { "vulnerability": "VCID-marj-g3q8-3fdt" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mmg1-2mu6-tyey" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-mssd-d438-7yga" }, { "vulnerability": "VCID-nt4b-2zg8-gya2" }, { "vulnerability": "VCID-nuyk-gtnh-t3g2" }, { "vulnerability": "VCID-nvcm-fd6a-nkbg" }, { "vulnerability": "VCID-r429-bk4p-g3er" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-tux5-7r7x-2kdf" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-uu3k-v1gc-x7f8" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-wcrz-h8xd-cbez" }, { "vulnerability": "VCID-x29s-dc4y-jyf5" }, { "vulnerability": "VCID-x9x1-xcqa-5qdw" }, { "vulnerability": "VCID-xb6q-6m1c-5yfj" }, { "vulnerability": "VCID-xtjr-uufd-wqc8" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" }, { "vulnerability": "VCID-xzgv-h1e1-2fhm" }, { "vulnerability": "VCID-year-eh79-qfc2" }, { "vulnerability": "VCID-yqr3-7hk1-zfad" }, { "vulnerability": "VCID-z7pf-n9uf-7ff3" }, { "vulnerability": "VCID-zbbe-qnd8-4yau" }, { "vulnerability": "VCID-zwsy-26a5-tudy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.2.1~dfsg-1%252Bdeb10u2" } ], "aliases": [ "CVE-2017-16672" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1j6s-5929-jba5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/204998?format=api", "vulnerability_id": "VCID-2yhz-4z7q-v3bj", "summary": "A Remote Crash issue was discovered in Asterisk Open Source 13.x before 13.18.4, 14.x before 14.7.4, and 15.x before 15.1.4 and Certified Asterisk before 13.13-cert9. Certain compound RTCP packets cause a crash in the RTCP Stack.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17664", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01276", "scoring_system": "epss", "scoring_elements": "0.79967", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01276", "scoring_system": "epss", "scoring_elements": "0.80029", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01276", "scoring_system": "epss", "scoring_elements": "0.80047", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01276", "scoring_system": "epss", "scoring_elements": "0.80039", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17664" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17664", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17664" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884345", "reference_id": "884345", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884345" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1079855?format=api", "purl": "pkg:deb/debian/asterisk@1:16.2.1~dfsg-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-26cq-wj3k-fqb9" }, { "vulnerability": "VCID-285z-mgz1-q7cd" }, { "vulnerability": "VCID-3azv-xr5c-ckcf" }, { "vulnerability": "VCID-41pk-9azt-hqdx" }, { "vulnerability": "VCID-4ty4-xrdd-2kee" }, { "vulnerability": "VCID-546z-qwur-13h1" }, { "vulnerability": "VCID-591f-657m-77d7" }, { "vulnerability": "VCID-5sjg-t3ja-57be" }, { "vulnerability": "VCID-62p4-jvnj-8kfc" }, { "vulnerability": "VCID-6443-b986-kfb6" }, { "vulnerability": "VCID-6be8-mh9n-abhd" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-7ah9-w27g-ckg6" }, { "vulnerability": "VCID-82hr-cs3x-fqg9" }, { "vulnerability": "VCID-966j-625d-6fa9" }, { "vulnerability": "VCID-a151-bk88-hfhq" }, { "vulnerability": "VCID-aas9-5n54-c7cn" }, { "vulnerability": "VCID-avkx-5as3-jbar" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-b6ga-bw58-sbcz" }, { "vulnerability": "VCID-bh6w-tmrd-w7eb" }, { "vulnerability": "VCID-bpvn-c1qp-6fdj" }, { "vulnerability": "VCID-csms-stcf-dkf4" }, { "vulnerability": "VCID-d5bd-s7g5-fufn" }, { "vulnerability": "VCID-emwd-gd9k-mygd" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-js7f-w44p-rbgh" }, { "vulnerability": "VCID-k99k-99mz-8uc5" }, { "vulnerability": "VCID-m6wj-knxg-5ybg" }, { "vulnerability": "VCID-marj-g3q8-3fdt" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mmg1-2mu6-tyey" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-mssd-d438-7yga" }, { "vulnerability": "VCID-nt4b-2zg8-gya2" }, { "vulnerability": "VCID-nuyk-gtnh-t3g2" }, { "vulnerability": "VCID-nvcm-fd6a-nkbg" }, { "vulnerability": "VCID-r429-bk4p-g3er" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-tux5-7r7x-2kdf" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-uu3k-v1gc-x7f8" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-wcrz-h8xd-cbez" }, { "vulnerability": "VCID-x29s-dc4y-jyf5" }, { "vulnerability": "VCID-x9x1-xcqa-5qdw" }, { "vulnerability": "VCID-xb6q-6m1c-5yfj" }, { "vulnerability": "VCID-xtjr-uufd-wqc8" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" }, { "vulnerability": "VCID-xzgv-h1e1-2fhm" }, { "vulnerability": "VCID-year-eh79-qfc2" }, { "vulnerability": "VCID-yqr3-7hk1-zfad" }, { "vulnerability": "VCID-z7pf-n9uf-7ff3" }, { "vulnerability": "VCID-zbbe-qnd8-4yau" }, { "vulnerability": "VCID-zwsy-26a5-tudy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.2.1~dfsg-1%252Bdeb10u2" } ], "aliases": [ "CVE-2017-17664" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2yhz-4z7q-v3bj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/176634?format=api", "vulnerability_id": "VCID-3nmd-gfnx-zycc", "summary": "Multiple vulnerabilities have been found in Asterisk, the worst of\n which could result in a Denial of Service condition.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16671", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03635", "scoring_system": "epss", "scoring_elements": "0.88103", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.03635", "scoring_system": "epss", "scoring_elements": "0.88143", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.03635", "scoring_system": "epss", "scoring_elements": "0.88149", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.03635", "scoring_system": "epss", "scoring_elements": "0.88148", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16671" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16671", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16671" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881257", "reference_id": "881257", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881257" }, { "reference_url": "https://security.gentoo.org/glsa/201811-11", "reference_id": "GLSA-201811-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201811-11" }, { "reference_url": "https://usn.ubuntu.com/USN-4814-1/", "reference_id": "USN-USN-4814-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4814-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1079855?format=api", "purl": "pkg:deb/debian/asterisk@1:16.2.1~dfsg-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-26cq-wj3k-fqb9" }, { "vulnerability": "VCID-285z-mgz1-q7cd" }, { "vulnerability": "VCID-3azv-xr5c-ckcf" }, { "vulnerability": "VCID-41pk-9azt-hqdx" }, { "vulnerability": "VCID-4ty4-xrdd-2kee" }, { "vulnerability": "VCID-546z-qwur-13h1" }, { "vulnerability": "VCID-591f-657m-77d7" }, { "vulnerability": "VCID-5sjg-t3ja-57be" }, { "vulnerability": "VCID-62p4-jvnj-8kfc" }, { "vulnerability": "VCID-6443-b986-kfb6" }, { "vulnerability": "VCID-6be8-mh9n-abhd" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-7ah9-w27g-ckg6" }, { "vulnerability": "VCID-82hr-cs3x-fqg9" }, { "vulnerability": "VCID-966j-625d-6fa9" }, { "vulnerability": "VCID-a151-bk88-hfhq" }, { "vulnerability": "VCID-aas9-5n54-c7cn" }, { "vulnerability": "VCID-avkx-5as3-jbar" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-b6ga-bw58-sbcz" }, { "vulnerability": "VCID-bh6w-tmrd-w7eb" }, { "vulnerability": "VCID-bpvn-c1qp-6fdj" }, { "vulnerability": "VCID-csms-stcf-dkf4" }, { "vulnerability": "VCID-d5bd-s7g5-fufn" }, { "vulnerability": "VCID-emwd-gd9k-mygd" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-js7f-w44p-rbgh" }, { "vulnerability": "VCID-k99k-99mz-8uc5" }, { "vulnerability": "VCID-m6wj-knxg-5ybg" }, { "vulnerability": "VCID-marj-g3q8-3fdt" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mmg1-2mu6-tyey" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-mssd-d438-7yga" }, { "vulnerability": "VCID-nt4b-2zg8-gya2" }, { "vulnerability": "VCID-nuyk-gtnh-t3g2" }, { "vulnerability": "VCID-nvcm-fd6a-nkbg" }, { "vulnerability": "VCID-r429-bk4p-g3er" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-tux5-7r7x-2kdf" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-uu3k-v1gc-x7f8" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-wcrz-h8xd-cbez" }, { "vulnerability": "VCID-x29s-dc4y-jyf5" }, { "vulnerability": "VCID-x9x1-xcqa-5qdw" }, { "vulnerability": "VCID-xb6q-6m1c-5yfj" }, { "vulnerability": "VCID-xtjr-uufd-wqc8" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" }, { "vulnerability": "VCID-xzgv-h1e1-2fhm" }, { "vulnerability": "VCID-year-eh79-qfc2" }, { "vulnerability": "VCID-yqr3-7hk1-zfad" }, { "vulnerability": "VCID-z7pf-n9uf-7ff3" }, { "vulnerability": "VCID-zbbe-qnd8-4yau" }, { "vulnerability": "VCID-zwsy-26a5-tudy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.2.1~dfsg-1%252Bdeb10u2" } ], "aliases": [ "CVE-2017-16671" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3nmd-gfnx-zycc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/175164?format=api", "vulnerability_id": "VCID-4y87-mgkp-kug6", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12227", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0106", "scoring_system": "epss", "scoring_elements": "0.78048", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0106", "scoring_system": "epss", "scoring_elements": "0.78116", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0106", "scoring_system": "epss", "scoring_elements": "0.78129", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0106", "scoring_system": "epss", "scoring_elements": "0.78124", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12227" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12227", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12227" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17281", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17281" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7284", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7284" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7286", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7286" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902954", "reference_id": "902954", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902954" }, { "reference_url": "https://security.gentoo.org/glsa/201811-11", "reference_id": "GLSA-201811-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201811-11" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076679?format=api", "purl": "pkg:deb/debian/asterisk@1:13.14.1~dfsg-2%2Bdeb9u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-1j6s-5929-jba5" }, { "vulnerability": "VCID-26cq-wj3k-fqb9" }, { "vulnerability": "VCID-285z-mgz1-q7cd" }, { "vulnerability": "VCID-2yhz-4z7q-v3bj" }, { "vulnerability": "VCID-3azv-xr5c-ckcf" }, { "vulnerability": "VCID-3nmd-gfnx-zycc" }, { "vulnerability": "VCID-41pk-9azt-hqdx" }, { "vulnerability": "VCID-4ty4-xrdd-2kee" }, { "vulnerability": "VCID-4y87-mgkp-kug6" }, { "vulnerability": "VCID-546z-qwur-13h1" }, { "vulnerability": "VCID-591f-657m-77d7" }, { "vulnerability": "VCID-5fnd-6j1g-v7dm" }, { "vulnerability": "VCID-5sjg-t3ja-57be" }, { "vulnerability": "VCID-62p4-jvnj-8kfc" }, { "vulnerability": "VCID-6443-b986-kfb6" }, { "vulnerability": "VCID-6be8-mh9n-abhd" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-7ah9-w27g-ckg6" }, { "vulnerability": "VCID-7p8w-juvq-9qbp" }, { "vulnerability": "VCID-82hr-cs3x-fqg9" }, { "vulnerability": "VCID-966j-625d-6fa9" }, { "vulnerability": "VCID-9wph-ucaa-byam" }, { "vulnerability": "VCID-a151-bk88-hfhq" }, { "vulnerability": "VCID-aas9-5n54-c7cn" }, { "vulnerability": "VCID-avkx-5as3-jbar" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-b6ga-bw58-sbcz" }, { "vulnerability": "VCID-bh6w-tmrd-w7eb" }, { "vulnerability": "VCID-bpvn-c1qp-6fdj" }, { "vulnerability": "VCID-csms-stcf-dkf4" }, { "vulnerability": "VCID-cx52-9j5c-bqbp" }, { "vulnerability": "VCID-d5bd-s7g5-fufn" }, { "vulnerability": "VCID-e4t6-kskm-qffn" }, { "vulnerability": "VCID-ej13-hta7-xfa9" }, { "vulnerability": "VCID-emwd-gd9k-mygd" }, { "vulnerability": "VCID-ew6x-wukn-wff1" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-js7f-w44p-rbgh" }, { "vulnerability": "VCID-k99k-99mz-8uc5" }, { "vulnerability": "VCID-m5j7-xrze-xqhb" }, { "vulnerability": "VCID-m6wj-knxg-5ybg" }, { "vulnerability": "VCID-marj-g3q8-3fdt" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mmg1-2mu6-tyey" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-mssd-d438-7yga" }, { "vulnerability": "VCID-nt4b-2zg8-gya2" }, { "vulnerability": "VCID-nuyk-gtnh-t3g2" }, { "vulnerability": "VCID-nvcm-fd6a-nkbg" }, { "vulnerability": "VCID-r429-bk4p-g3er" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-t3hz-688a-37g2" }, { "vulnerability": "VCID-tux5-7r7x-2kdf" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-uu3k-v1gc-x7f8" }, { "vulnerability": "VCID-vc4h-7284-2qeb" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-wcrz-h8xd-cbez" }, { "vulnerability": "VCID-x29s-dc4y-jyf5" }, { "vulnerability": "VCID-x9x1-xcqa-5qdw" }, { "vulnerability": "VCID-xb6q-6m1c-5yfj" }, { "vulnerability": "VCID-xtjr-uufd-wqc8" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" }, { "vulnerability": "VCID-xzgv-h1e1-2fhm" }, { "vulnerability": "VCID-year-eh79-qfc2" }, { "vulnerability": "VCID-yqr3-7hk1-zfad" }, { "vulnerability": "VCID-z7pf-n9uf-7ff3" }, { "vulnerability": "VCID-zbbe-qnd8-4yau" }, { "vulnerability": "VCID-zwsy-26a5-tudy" }, { "vulnerability": "VCID-zze4-ps2w-4qh9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.14.1~dfsg-2%252Bdeb9u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1079855?format=api", "purl": "pkg:deb/debian/asterisk@1:16.2.1~dfsg-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-26cq-wj3k-fqb9" }, { "vulnerability": "VCID-285z-mgz1-q7cd" }, { "vulnerability": "VCID-3azv-xr5c-ckcf" }, { "vulnerability": "VCID-41pk-9azt-hqdx" }, { "vulnerability": "VCID-4ty4-xrdd-2kee" }, { "vulnerability": "VCID-546z-qwur-13h1" }, { "vulnerability": "VCID-591f-657m-77d7" }, { "vulnerability": "VCID-5sjg-t3ja-57be" }, { "vulnerability": "VCID-62p4-jvnj-8kfc" }, { "vulnerability": "VCID-6443-b986-kfb6" }, { "vulnerability": "VCID-6be8-mh9n-abhd" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-7ah9-w27g-ckg6" }, { "vulnerability": "VCID-82hr-cs3x-fqg9" }, { "vulnerability": "VCID-966j-625d-6fa9" }, { "vulnerability": "VCID-a151-bk88-hfhq" }, { "vulnerability": "VCID-aas9-5n54-c7cn" }, { "vulnerability": "VCID-avkx-5as3-jbar" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-b6ga-bw58-sbcz" }, { "vulnerability": "VCID-bh6w-tmrd-w7eb" }, { "vulnerability": "VCID-bpvn-c1qp-6fdj" }, { "vulnerability": "VCID-csms-stcf-dkf4" }, { "vulnerability": "VCID-d5bd-s7g5-fufn" }, { "vulnerability": "VCID-emwd-gd9k-mygd" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-js7f-w44p-rbgh" }, { "vulnerability": "VCID-k99k-99mz-8uc5" }, { "vulnerability": "VCID-m6wj-knxg-5ybg" }, { "vulnerability": "VCID-marj-g3q8-3fdt" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mmg1-2mu6-tyey" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-mssd-d438-7yga" }, { "vulnerability": "VCID-nt4b-2zg8-gya2" }, { "vulnerability": "VCID-nuyk-gtnh-t3g2" }, { "vulnerability": "VCID-nvcm-fd6a-nkbg" }, { "vulnerability": "VCID-r429-bk4p-g3er" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-tux5-7r7x-2kdf" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-uu3k-v1gc-x7f8" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-wcrz-h8xd-cbez" }, { "vulnerability": "VCID-x29s-dc4y-jyf5" }, { "vulnerability": "VCID-x9x1-xcqa-5qdw" }, { "vulnerability": "VCID-xb6q-6m1c-5yfj" }, { "vulnerability": "VCID-xtjr-uufd-wqc8" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" }, { "vulnerability": "VCID-xzgv-h1e1-2fhm" }, { "vulnerability": "VCID-year-eh79-qfc2" }, { "vulnerability": "VCID-yqr3-7hk1-zfad" }, { "vulnerability": "VCID-z7pf-n9uf-7ff3" }, { "vulnerability": "VCID-zbbe-qnd8-4yau" }, { "vulnerability": "VCID-zwsy-26a5-tudy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.2.1~dfsg-1%252Bdeb10u2" } ], "aliases": [ "CVE-2018-12227" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4y87-mgkp-kug6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/175161?format=api", "vulnerability_id": "VCID-5fnd-6j1g-v7dm", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7284", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.65243", "scoring_system": "epss", "scoring_elements": "0.98506", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.65243", "scoring_system": "epss", "scoring_elements": "0.98511", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7284" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12227", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12227" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17281", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17281" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7284", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7284" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7286", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7286" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891227", "reference_id": "891227", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891227" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/44184.py", "reference_id": "CVE-2018-7284", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/44184.py" }, { "reference_url": "https://raw.githubusercontent.com/EnableSecurity/advisories/master/ES2018-01-asterisk-pjsip-subscribe-stack-corruption/README.md", "reference_id": "CVE-2018-7284", "reference_type": "exploit", "scores": [], "url": "https://raw.githubusercontent.com/EnableSecurity/advisories/master/ES2018-01-asterisk-pjsip-subscribe-stack-corruption/README.md" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076679?format=api", "purl": "pkg:deb/debian/asterisk@1:13.14.1~dfsg-2%2Bdeb9u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-1j6s-5929-jba5" }, { "vulnerability": "VCID-26cq-wj3k-fqb9" }, { "vulnerability": "VCID-285z-mgz1-q7cd" }, { "vulnerability": "VCID-2yhz-4z7q-v3bj" }, { "vulnerability": "VCID-3azv-xr5c-ckcf" }, { "vulnerability": "VCID-3nmd-gfnx-zycc" }, { "vulnerability": "VCID-41pk-9azt-hqdx" }, { "vulnerability": "VCID-4ty4-xrdd-2kee" }, { "vulnerability": "VCID-4y87-mgkp-kug6" }, { "vulnerability": "VCID-546z-qwur-13h1" }, { "vulnerability": "VCID-591f-657m-77d7" }, { "vulnerability": "VCID-5fnd-6j1g-v7dm" }, { "vulnerability": "VCID-5sjg-t3ja-57be" }, { "vulnerability": "VCID-62p4-jvnj-8kfc" }, { "vulnerability": "VCID-6443-b986-kfb6" }, { "vulnerability": "VCID-6be8-mh9n-abhd" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-7ah9-w27g-ckg6" }, { "vulnerability": "VCID-7p8w-juvq-9qbp" }, { "vulnerability": "VCID-82hr-cs3x-fqg9" }, { "vulnerability": "VCID-966j-625d-6fa9" }, { "vulnerability": "VCID-9wph-ucaa-byam" }, { "vulnerability": "VCID-a151-bk88-hfhq" }, { "vulnerability": "VCID-aas9-5n54-c7cn" }, { "vulnerability": "VCID-avkx-5as3-jbar" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-b6ga-bw58-sbcz" }, { "vulnerability": "VCID-bh6w-tmrd-w7eb" }, { "vulnerability": "VCID-bpvn-c1qp-6fdj" }, { "vulnerability": "VCID-csms-stcf-dkf4" }, { "vulnerability": "VCID-cx52-9j5c-bqbp" }, { "vulnerability": "VCID-d5bd-s7g5-fufn" }, { "vulnerability": "VCID-e4t6-kskm-qffn" }, { "vulnerability": "VCID-ej13-hta7-xfa9" }, { "vulnerability": "VCID-emwd-gd9k-mygd" }, { "vulnerability": "VCID-ew6x-wukn-wff1" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-js7f-w44p-rbgh" }, { "vulnerability": "VCID-k99k-99mz-8uc5" }, { "vulnerability": "VCID-m5j7-xrze-xqhb" }, { "vulnerability": "VCID-m6wj-knxg-5ybg" }, { "vulnerability": "VCID-marj-g3q8-3fdt" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mmg1-2mu6-tyey" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-mssd-d438-7yga" }, { "vulnerability": "VCID-nt4b-2zg8-gya2" }, { "vulnerability": "VCID-nuyk-gtnh-t3g2" }, { "vulnerability": "VCID-nvcm-fd6a-nkbg" }, { "vulnerability": "VCID-r429-bk4p-g3er" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-t3hz-688a-37g2" }, { "vulnerability": "VCID-tux5-7r7x-2kdf" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-uu3k-v1gc-x7f8" }, { "vulnerability": "VCID-vc4h-7284-2qeb" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-wcrz-h8xd-cbez" }, { "vulnerability": "VCID-x29s-dc4y-jyf5" }, { "vulnerability": "VCID-x9x1-xcqa-5qdw" }, { "vulnerability": "VCID-xb6q-6m1c-5yfj" }, { "vulnerability": "VCID-xtjr-uufd-wqc8" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" }, { "vulnerability": "VCID-xzgv-h1e1-2fhm" }, { "vulnerability": "VCID-year-eh79-qfc2" }, { "vulnerability": "VCID-yqr3-7hk1-zfad" }, { "vulnerability": "VCID-z7pf-n9uf-7ff3" }, { "vulnerability": "VCID-zbbe-qnd8-4yau" }, { "vulnerability": "VCID-zwsy-26a5-tudy" }, { "vulnerability": "VCID-zze4-ps2w-4qh9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.14.1~dfsg-2%252Bdeb9u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1079855?format=api", "purl": "pkg:deb/debian/asterisk@1:16.2.1~dfsg-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-26cq-wj3k-fqb9" }, { "vulnerability": "VCID-285z-mgz1-q7cd" }, { "vulnerability": "VCID-3azv-xr5c-ckcf" }, { "vulnerability": "VCID-41pk-9azt-hqdx" }, { "vulnerability": "VCID-4ty4-xrdd-2kee" }, { "vulnerability": "VCID-546z-qwur-13h1" }, { "vulnerability": "VCID-591f-657m-77d7" }, { "vulnerability": "VCID-5sjg-t3ja-57be" }, { "vulnerability": "VCID-62p4-jvnj-8kfc" }, { "vulnerability": "VCID-6443-b986-kfb6" }, { "vulnerability": "VCID-6be8-mh9n-abhd" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-7ah9-w27g-ckg6" }, { "vulnerability": "VCID-82hr-cs3x-fqg9" }, { "vulnerability": "VCID-966j-625d-6fa9" }, { "vulnerability": "VCID-a151-bk88-hfhq" }, { "vulnerability": "VCID-aas9-5n54-c7cn" }, { "vulnerability": "VCID-avkx-5as3-jbar" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-b6ga-bw58-sbcz" }, { "vulnerability": "VCID-bh6w-tmrd-w7eb" }, { "vulnerability": "VCID-bpvn-c1qp-6fdj" }, { "vulnerability": "VCID-csms-stcf-dkf4" }, { "vulnerability": "VCID-d5bd-s7g5-fufn" }, { "vulnerability": "VCID-emwd-gd9k-mygd" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-js7f-w44p-rbgh" }, { "vulnerability": "VCID-k99k-99mz-8uc5" }, { "vulnerability": "VCID-m6wj-knxg-5ybg" }, { "vulnerability": "VCID-marj-g3q8-3fdt" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mmg1-2mu6-tyey" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-mssd-d438-7yga" }, { "vulnerability": "VCID-nt4b-2zg8-gya2" }, { "vulnerability": "VCID-nuyk-gtnh-t3g2" }, { "vulnerability": "VCID-nvcm-fd6a-nkbg" }, { "vulnerability": "VCID-r429-bk4p-g3er" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-tux5-7r7x-2kdf" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-uu3k-v1gc-x7f8" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-wcrz-h8xd-cbez" }, { "vulnerability": "VCID-x29s-dc4y-jyf5" }, { "vulnerability": "VCID-x9x1-xcqa-5qdw" }, { "vulnerability": "VCID-xb6q-6m1c-5yfj" }, { "vulnerability": "VCID-xtjr-uufd-wqc8" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" }, { "vulnerability": "VCID-xzgv-h1e1-2fhm" }, { "vulnerability": "VCID-year-eh79-qfc2" }, { "vulnerability": "VCID-yqr3-7hk1-zfad" }, { "vulnerability": "VCID-z7pf-n9uf-7ff3" }, { "vulnerability": "VCID-zbbe-qnd8-4yau" }, { "vulnerability": "VCID-zwsy-26a5-tudy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.2.1~dfsg-1%252Bdeb10u2" } ], "aliases": [ "CVE-2018-7284" ], "risk_score": 1.2, "exploitability": "2.0", "weighted_severity": "0.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5fnd-6j1g-v7dm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/167653?format=api", "vulnerability_id": "VCID-7p8w-juvq-9qbp", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17090", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.80582", "scoring_system": "epss", "scoring_elements": "0.9916", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.80582", "scoring_system": "epss", "scoring_elements": "0.99164", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17090" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17090", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17090" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883342", "reference_id": "883342", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883342" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/43992.py", "reference_id": "CVE-2017-17090;AST-2017-01", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/43992.py" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1073767?format=api", "purl": "pkg:deb/debian/asterisk@1:11.13.1~dfsg-2%2Bdeb8u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-1c9k-f31b-u3gd" }, { "vulnerability": "VCID-1j6s-5929-jba5" }, { "vulnerability": "VCID-26cq-wj3k-fqb9" }, { "vulnerability": "VCID-285z-mgz1-q7cd" }, { "vulnerability": "VCID-2q7t-camu-gkhf" }, { "vulnerability": "VCID-2yhz-4z7q-v3bj" }, { "vulnerability": "VCID-2zkw-u7gs-vyhc" }, { "vulnerability": "VCID-3azv-xr5c-ckcf" }, { "vulnerability": "VCID-3nmd-gfnx-zycc" }, { "vulnerability": "VCID-41pk-9azt-hqdx" }, { "vulnerability": "VCID-4jz1-8qyg-u3bb" }, { "vulnerability": "VCID-4ty4-xrdd-2kee" }, { "vulnerability": "VCID-4vyf-p1f1-wkdq" }, { "vulnerability": "VCID-4y87-mgkp-kug6" }, { "vulnerability": "VCID-546z-qwur-13h1" }, { "vulnerability": "VCID-591f-657m-77d7" }, { "vulnerability": "VCID-5fnd-6j1g-v7dm" }, { "vulnerability": "VCID-5r2x-a5bs-d3cy" }, { "vulnerability": "VCID-5sjg-t3ja-57be" }, { "vulnerability": "VCID-62p4-jvnj-8kfc" }, { "vulnerability": "VCID-6443-b986-kfb6" }, { "vulnerability": "VCID-6be8-mh9n-abhd" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-7ah9-w27g-ckg6" }, { "vulnerability": "VCID-7p8w-juvq-9qbp" }, { "vulnerability": "VCID-82hr-cs3x-fqg9" }, { "vulnerability": "VCID-91cc-3p28-tba7" }, { "vulnerability": "VCID-966j-625d-6fa9" }, { "vulnerability": "VCID-9wph-ucaa-byam" }, { "vulnerability": "VCID-a151-bk88-hfhq" }, { "vulnerability": "VCID-aas9-5n54-c7cn" }, { "vulnerability": "VCID-avkx-5as3-jbar" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-b6ga-bw58-sbcz" }, { "vulnerability": "VCID-bh6w-tmrd-w7eb" }, { "vulnerability": "VCID-bpvn-c1qp-6fdj" }, { "vulnerability": "VCID-csms-stcf-dkf4" }, { "vulnerability": "VCID-cx52-9j5c-bqbp" }, { "vulnerability": "VCID-d5bd-s7g5-fufn" }, { "vulnerability": "VCID-dxyn-tsbx-qbc8" }, { "vulnerability": "VCID-e4t6-kskm-qffn" }, { "vulnerability": "VCID-eeyn-yxuj-y7gh" }, { "vulnerability": "VCID-ej13-hta7-xfa9" }, { "vulnerability": "VCID-emwd-gd9k-mygd" }, { "vulnerability": "VCID-ew6x-wukn-wff1" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-js7f-w44p-rbgh" }, { "vulnerability": "VCID-k4ya-8pmg-ayh8" }, { "vulnerability": "VCID-k99k-99mz-8uc5" }, { "vulnerability": "VCID-ktbc-22t1-r3az" }, { "vulnerability": "VCID-m15s-j2fj-4ua8" }, { "vulnerability": "VCID-m5j7-xrze-xqhb" }, { "vulnerability": "VCID-m6wj-knxg-5ybg" }, { "vulnerability": "VCID-marj-g3q8-3fdt" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mmg1-2mu6-tyey" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-mssd-d438-7yga" }, { "vulnerability": "VCID-nt4b-2zg8-gya2" }, { "vulnerability": "VCID-nuyk-gtnh-t3g2" }, { "vulnerability": "VCID-nvcm-fd6a-nkbg" }, { "vulnerability": "VCID-qxup-q7n9-xke7" }, { "vulnerability": "VCID-r429-bk4p-g3er" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-rqwn-rfjf-sbf7" }, { "vulnerability": "VCID-t3hz-688a-37g2" }, { "vulnerability": "VCID-tux5-7r7x-2kdf" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-upap-7j5r-p7ch" }, { "vulnerability": "VCID-uu3k-v1gc-x7f8" }, { "vulnerability": "VCID-v8ph-vrc7-7ue1" }, { "vulnerability": "VCID-vc4h-7284-2qeb" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-wcrz-h8xd-cbez" }, { "vulnerability": "VCID-wx4r-avzg-kbgm" }, { "vulnerability": "VCID-x29s-dc4y-jyf5" }, { "vulnerability": "VCID-x9x1-xcqa-5qdw" }, { "vulnerability": "VCID-xb6q-6m1c-5yfj" }, { "vulnerability": "VCID-xtjr-uufd-wqc8" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" }, { "vulnerability": "VCID-xzgv-h1e1-2fhm" }, { "vulnerability": "VCID-year-eh79-qfc2" }, { "vulnerability": "VCID-yqr3-7hk1-zfad" }, { "vulnerability": "VCID-z7pf-n9uf-7ff3" }, { "vulnerability": "VCID-zbbe-qnd8-4yau" }, { "vulnerability": "VCID-zp67-1j8g-mufp" }, { "vulnerability": "VCID-zwsy-26a5-tudy" }, { "vulnerability": "VCID-zze4-ps2w-4qh9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:11.13.1~dfsg-2%252Bdeb8u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1076679?format=api", "purl": "pkg:deb/debian/asterisk@1:13.14.1~dfsg-2%2Bdeb9u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-1j6s-5929-jba5" }, { "vulnerability": "VCID-26cq-wj3k-fqb9" }, { "vulnerability": "VCID-285z-mgz1-q7cd" }, { "vulnerability": "VCID-2yhz-4z7q-v3bj" }, { "vulnerability": "VCID-3azv-xr5c-ckcf" }, { "vulnerability": "VCID-3nmd-gfnx-zycc" }, { "vulnerability": "VCID-41pk-9azt-hqdx" }, { "vulnerability": "VCID-4ty4-xrdd-2kee" }, { "vulnerability": "VCID-4y87-mgkp-kug6" }, { "vulnerability": "VCID-546z-qwur-13h1" }, { "vulnerability": "VCID-591f-657m-77d7" }, { "vulnerability": "VCID-5fnd-6j1g-v7dm" }, { "vulnerability": "VCID-5sjg-t3ja-57be" }, { "vulnerability": "VCID-62p4-jvnj-8kfc" }, { "vulnerability": "VCID-6443-b986-kfb6" }, { "vulnerability": "VCID-6be8-mh9n-abhd" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-7ah9-w27g-ckg6" }, { "vulnerability": "VCID-7p8w-juvq-9qbp" }, { "vulnerability": "VCID-82hr-cs3x-fqg9" }, { "vulnerability": "VCID-966j-625d-6fa9" }, { "vulnerability": "VCID-9wph-ucaa-byam" }, { "vulnerability": "VCID-a151-bk88-hfhq" }, { "vulnerability": "VCID-aas9-5n54-c7cn" }, { "vulnerability": "VCID-avkx-5as3-jbar" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-b6ga-bw58-sbcz" }, { "vulnerability": "VCID-bh6w-tmrd-w7eb" }, { "vulnerability": "VCID-bpvn-c1qp-6fdj" }, { "vulnerability": "VCID-csms-stcf-dkf4" }, { "vulnerability": "VCID-cx52-9j5c-bqbp" }, { "vulnerability": "VCID-d5bd-s7g5-fufn" }, { "vulnerability": "VCID-e4t6-kskm-qffn" }, { "vulnerability": "VCID-ej13-hta7-xfa9" }, { "vulnerability": "VCID-emwd-gd9k-mygd" }, { "vulnerability": "VCID-ew6x-wukn-wff1" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-js7f-w44p-rbgh" }, { "vulnerability": "VCID-k99k-99mz-8uc5" }, { "vulnerability": "VCID-m5j7-xrze-xqhb" }, { "vulnerability": "VCID-m6wj-knxg-5ybg" }, { "vulnerability": "VCID-marj-g3q8-3fdt" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mmg1-2mu6-tyey" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-mssd-d438-7yga" }, { "vulnerability": "VCID-nt4b-2zg8-gya2" }, { "vulnerability": "VCID-nuyk-gtnh-t3g2" }, { "vulnerability": "VCID-nvcm-fd6a-nkbg" }, { "vulnerability": "VCID-r429-bk4p-g3er" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-t3hz-688a-37g2" }, { "vulnerability": "VCID-tux5-7r7x-2kdf" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-uu3k-v1gc-x7f8" }, { "vulnerability": "VCID-vc4h-7284-2qeb" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-wcrz-h8xd-cbez" }, { "vulnerability": "VCID-x29s-dc4y-jyf5" }, { "vulnerability": "VCID-x9x1-xcqa-5qdw" }, { "vulnerability": "VCID-xb6q-6m1c-5yfj" }, { "vulnerability": "VCID-xtjr-uufd-wqc8" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" }, { "vulnerability": "VCID-xzgv-h1e1-2fhm" }, { "vulnerability": "VCID-year-eh79-qfc2" }, { "vulnerability": "VCID-yqr3-7hk1-zfad" }, { "vulnerability": "VCID-z7pf-n9uf-7ff3" }, { "vulnerability": "VCID-zbbe-qnd8-4yau" }, { "vulnerability": "VCID-zwsy-26a5-tudy" }, { "vulnerability": "VCID-zze4-ps2w-4qh9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.14.1~dfsg-2%252Bdeb9u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1079855?format=api", "purl": "pkg:deb/debian/asterisk@1:16.2.1~dfsg-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-26cq-wj3k-fqb9" }, { "vulnerability": "VCID-285z-mgz1-q7cd" }, { "vulnerability": "VCID-3azv-xr5c-ckcf" }, { "vulnerability": "VCID-41pk-9azt-hqdx" }, { "vulnerability": "VCID-4ty4-xrdd-2kee" }, { "vulnerability": "VCID-546z-qwur-13h1" }, { "vulnerability": "VCID-591f-657m-77d7" }, { "vulnerability": "VCID-5sjg-t3ja-57be" }, { "vulnerability": "VCID-62p4-jvnj-8kfc" }, { "vulnerability": "VCID-6443-b986-kfb6" }, { "vulnerability": "VCID-6be8-mh9n-abhd" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-7ah9-w27g-ckg6" }, { "vulnerability": "VCID-82hr-cs3x-fqg9" }, { "vulnerability": "VCID-966j-625d-6fa9" }, { "vulnerability": "VCID-a151-bk88-hfhq" }, { "vulnerability": "VCID-aas9-5n54-c7cn" }, { "vulnerability": "VCID-avkx-5as3-jbar" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-b6ga-bw58-sbcz" }, { "vulnerability": "VCID-bh6w-tmrd-w7eb" }, { "vulnerability": "VCID-bpvn-c1qp-6fdj" }, { "vulnerability": "VCID-csms-stcf-dkf4" }, { "vulnerability": "VCID-d5bd-s7g5-fufn" }, { "vulnerability": "VCID-emwd-gd9k-mygd" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-js7f-w44p-rbgh" }, { "vulnerability": "VCID-k99k-99mz-8uc5" }, { "vulnerability": "VCID-m6wj-knxg-5ybg" }, { "vulnerability": "VCID-marj-g3q8-3fdt" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mmg1-2mu6-tyey" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-mssd-d438-7yga" }, { "vulnerability": "VCID-nt4b-2zg8-gya2" }, { "vulnerability": "VCID-nuyk-gtnh-t3g2" }, { "vulnerability": "VCID-nvcm-fd6a-nkbg" }, { "vulnerability": "VCID-r429-bk4p-g3er" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-tux5-7r7x-2kdf" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-uu3k-v1gc-x7f8" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-wcrz-h8xd-cbez" }, { "vulnerability": "VCID-x29s-dc4y-jyf5" }, { "vulnerability": "VCID-x9x1-xcqa-5qdw" }, { "vulnerability": "VCID-xb6q-6m1c-5yfj" }, { "vulnerability": "VCID-xtjr-uufd-wqc8" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" }, { "vulnerability": "VCID-xzgv-h1e1-2fhm" }, { "vulnerability": "VCID-year-eh79-qfc2" }, { "vulnerability": "VCID-yqr3-7hk1-zfad" }, { "vulnerability": "VCID-z7pf-n9uf-7ff3" }, { "vulnerability": "VCID-zbbe-qnd8-4yau" }, { "vulnerability": "VCID-zwsy-26a5-tudy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.2.1~dfsg-1%252Bdeb10u2" } ], "aliases": [ "CVE-2017-17090" ], "risk_score": 1.4, "exploitability": "2.0", "weighted_severity": "0.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7p8w-juvq-9qbp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/175163?format=api", "vulnerability_id": "VCID-9wph-ucaa-byam", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7286", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.54632", "scoring_system": "epss", "scoring_elements": "0.98081", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.54632", "scoring_system": "epss", "scoring_elements": "0.98089", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-7286" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12227", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12227" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17281", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17281" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7284", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7284" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7286", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7286" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891228", "reference_id": "891228", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891228" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/44181.py", "reference_id": "CVE-2018-7286", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/44181.py" }, { "reference_url": "https://raw.githubusercontent.com/EnableSecurity/advisories/master/ES2018-04-asterisk-pjsip-tcp-segfault/README.md", "reference_id": "CVE-2018-7286", "reference_type": "exploit", "scores": [], "url": "https://raw.githubusercontent.com/EnableSecurity/advisories/master/ES2018-04-asterisk-pjsip-tcp-segfault/README.md" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076679?format=api", "purl": "pkg:deb/debian/asterisk@1:13.14.1~dfsg-2%2Bdeb9u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-1j6s-5929-jba5" }, { "vulnerability": "VCID-26cq-wj3k-fqb9" }, { "vulnerability": "VCID-285z-mgz1-q7cd" }, { "vulnerability": "VCID-2yhz-4z7q-v3bj" }, { "vulnerability": "VCID-3azv-xr5c-ckcf" }, { "vulnerability": "VCID-3nmd-gfnx-zycc" }, { "vulnerability": "VCID-41pk-9azt-hqdx" }, { "vulnerability": "VCID-4ty4-xrdd-2kee" }, { "vulnerability": "VCID-4y87-mgkp-kug6" }, { "vulnerability": "VCID-546z-qwur-13h1" }, { "vulnerability": "VCID-591f-657m-77d7" }, { "vulnerability": "VCID-5fnd-6j1g-v7dm" }, { "vulnerability": "VCID-5sjg-t3ja-57be" }, { "vulnerability": "VCID-62p4-jvnj-8kfc" }, { "vulnerability": "VCID-6443-b986-kfb6" }, { "vulnerability": "VCID-6be8-mh9n-abhd" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-7ah9-w27g-ckg6" }, { "vulnerability": "VCID-7p8w-juvq-9qbp" }, { "vulnerability": "VCID-82hr-cs3x-fqg9" }, { "vulnerability": "VCID-966j-625d-6fa9" }, { "vulnerability": "VCID-9wph-ucaa-byam" }, { "vulnerability": "VCID-a151-bk88-hfhq" }, { "vulnerability": "VCID-aas9-5n54-c7cn" }, { "vulnerability": "VCID-avkx-5as3-jbar" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-b6ga-bw58-sbcz" }, { "vulnerability": "VCID-bh6w-tmrd-w7eb" }, { "vulnerability": "VCID-bpvn-c1qp-6fdj" }, { "vulnerability": "VCID-csms-stcf-dkf4" }, { "vulnerability": "VCID-cx52-9j5c-bqbp" }, { "vulnerability": "VCID-d5bd-s7g5-fufn" }, { "vulnerability": "VCID-e4t6-kskm-qffn" }, { "vulnerability": "VCID-ej13-hta7-xfa9" }, { "vulnerability": "VCID-emwd-gd9k-mygd" }, { "vulnerability": "VCID-ew6x-wukn-wff1" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-js7f-w44p-rbgh" }, { "vulnerability": "VCID-k99k-99mz-8uc5" }, { "vulnerability": "VCID-m5j7-xrze-xqhb" }, { "vulnerability": "VCID-m6wj-knxg-5ybg" }, { "vulnerability": "VCID-marj-g3q8-3fdt" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mmg1-2mu6-tyey" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-mssd-d438-7yga" }, { "vulnerability": "VCID-nt4b-2zg8-gya2" }, { "vulnerability": "VCID-nuyk-gtnh-t3g2" }, { "vulnerability": "VCID-nvcm-fd6a-nkbg" }, { "vulnerability": "VCID-r429-bk4p-g3er" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-t3hz-688a-37g2" }, { "vulnerability": "VCID-tux5-7r7x-2kdf" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-uu3k-v1gc-x7f8" }, { "vulnerability": "VCID-vc4h-7284-2qeb" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-wcrz-h8xd-cbez" }, { "vulnerability": "VCID-x29s-dc4y-jyf5" }, { "vulnerability": "VCID-x9x1-xcqa-5qdw" }, { "vulnerability": "VCID-xb6q-6m1c-5yfj" }, { "vulnerability": "VCID-xtjr-uufd-wqc8" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" }, { "vulnerability": "VCID-xzgv-h1e1-2fhm" }, { "vulnerability": "VCID-year-eh79-qfc2" }, { "vulnerability": "VCID-yqr3-7hk1-zfad" }, { "vulnerability": "VCID-z7pf-n9uf-7ff3" }, { "vulnerability": "VCID-zbbe-qnd8-4yau" }, { "vulnerability": "VCID-zwsy-26a5-tudy" }, { "vulnerability": "VCID-zze4-ps2w-4qh9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.14.1~dfsg-2%252Bdeb9u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1079855?format=api", "purl": "pkg:deb/debian/asterisk@1:16.2.1~dfsg-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-26cq-wj3k-fqb9" }, { "vulnerability": "VCID-285z-mgz1-q7cd" }, { "vulnerability": "VCID-3azv-xr5c-ckcf" }, { "vulnerability": "VCID-41pk-9azt-hqdx" }, { "vulnerability": "VCID-4ty4-xrdd-2kee" }, { "vulnerability": "VCID-546z-qwur-13h1" }, { "vulnerability": "VCID-591f-657m-77d7" }, { "vulnerability": "VCID-5sjg-t3ja-57be" }, { "vulnerability": "VCID-62p4-jvnj-8kfc" }, { "vulnerability": "VCID-6443-b986-kfb6" }, { "vulnerability": "VCID-6be8-mh9n-abhd" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-7ah9-w27g-ckg6" }, { "vulnerability": "VCID-82hr-cs3x-fqg9" }, { "vulnerability": "VCID-966j-625d-6fa9" }, { "vulnerability": "VCID-a151-bk88-hfhq" }, { "vulnerability": "VCID-aas9-5n54-c7cn" }, { "vulnerability": "VCID-avkx-5as3-jbar" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-b6ga-bw58-sbcz" }, { "vulnerability": "VCID-bh6w-tmrd-w7eb" }, { "vulnerability": "VCID-bpvn-c1qp-6fdj" }, { "vulnerability": "VCID-csms-stcf-dkf4" }, { "vulnerability": "VCID-d5bd-s7g5-fufn" }, { "vulnerability": "VCID-emwd-gd9k-mygd" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-js7f-w44p-rbgh" }, { "vulnerability": "VCID-k99k-99mz-8uc5" }, { "vulnerability": "VCID-m6wj-knxg-5ybg" }, { "vulnerability": "VCID-marj-g3q8-3fdt" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mmg1-2mu6-tyey" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-mssd-d438-7yga" }, { "vulnerability": "VCID-nt4b-2zg8-gya2" }, { "vulnerability": "VCID-nuyk-gtnh-t3g2" }, { "vulnerability": "VCID-nvcm-fd6a-nkbg" }, { "vulnerability": "VCID-r429-bk4p-g3er" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-tux5-7r7x-2kdf" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-uu3k-v1gc-x7f8" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-wcrz-h8xd-cbez" }, { "vulnerability": "VCID-x29s-dc4y-jyf5" }, { "vulnerability": "VCID-x9x1-xcqa-5qdw" }, { "vulnerability": "VCID-xb6q-6m1c-5yfj" }, { "vulnerability": "VCID-xtjr-uufd-wqc8" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" }, { "vulnerability": "VCID-xzgv-h1e1-2fhm" }, { "vulnerability": "VCID-year-eh79-qfc2" }, { "vulnerability": "VCID-yqr3-7hk1-zfad" }, { "vulnerability": "VCID-z7pf-n9uf-7ff3" }, { "vulnerability": "VCID-zbbe-qnd8-4yau" }, { "vulnerability": "VCID-zwsy-26a5-tudy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.2.1~dfsg-1%252Bdeb10u2" } ], "aliases": [ "CVE-2018-7286" ], "risk_score": 1.0, "exploitability": "2.0", "weighted_severity": "0.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9wph-ucaa-byam" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/207383?format=api", "vulnerability_id": "VCID-cx52-9j5c-bqbp", "summary": "An Integer Signedness issue (for a return code) in the res_pjsip_sdp_rtp module in Digium Asterisk versions 15.7.1 and earlier and 16.1.1 and earlier allows remote authenticated users to crash Asterisk via a specially crafted SDP protocol violation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7251", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04411", "scoring_system": "epss", "scoring_elements": "0.89259", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.04411", "scoring_system": "epss", "scoring_elements": "0.89297", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.04411", "scoring_system": "epss", "scoring_elements": "0.89305", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.04411", "scoring_system": "epss", "scoring_elements": "0.89304", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-7251" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7251", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7251" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923690", "reference_id": "923690", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923690" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1079855?format=api", "purl": "pkg:deb/debian/asterisk@1:16.2.1~dfsg-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-26cq-wj3k-fqb9" }, { "vulnerability": "VCID-285z-mgz1-q7cd" }, { "vulnerability": "VCID-3azv-xr5c-ckcf" }, { "vulnerability": "VCID-41pk-9azt-hqdx" }, { "vulnerability": "VCID-4ty4-xrdd-2kee" }, { "vulnerability": "VCID-546z-qwur-13h1" }, { "vulnerability": "VCID-591f-657m-77d7" }, { "vulnerability": "VCID-5sjg-t3ja-57be" }, { "vulnerability": "VCID-62p4-jvnj-8kfc" }, { "vulnerability": "VCID-6443-b986-kfb6" }, { "vulnerability": "VCID-6be8-mh9n-abhd" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-7ah9-w27g-ckg6" }, { "vulnerability": "VCID-82hr-cs3x-fqg9" }, { "vulnerability": "VCID-966j-625d-6fa9" }, { "vulnerability": "VCID-a151-bk88-hfhq" }, { "vulnerability": "VCID-aas9-5n54-c7cn" }, { "vulnerability": "VCID-avkx-5as3-jbar" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-b6ga-bw58-sbcz" }, { "vulnerability": "VCID-bh6w-tmrd-w7eb" }, { "vulnerability": "VCID-bpvn-c1qp-6fdj" }, { "vulnerability": "VCID-csms-stcf-dkf4" }, { "vulnerability": "VCID-d5bd-s7g5-fufn" }, { "vulnerability": "VCID-emwd-gd9k-mygd" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-js7f-w44p-rbgh" }, { "vulnerability": "VCID-k99k-99mz-8uc5" }, { "vulnerability": "VCID-m6wj-knxg-5ybg" }, { "vulnerability": "VCID-marj-g3q8-3fdt" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mmg1-2mu6-tyey" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-mssd-d438-7yga" }, { "vulnerability": "VCID-nt4b-2zg8-gya2" }, { "vulnerability": "VCID-nuyk-gtnh-t3g2" }, { "vulnerability": "VCID-nvcm-fd6a-nkbg" }, { "vulnerability": "VCID-r429-bk4p-g3er" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-tux5-7r7x-2kdf" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-uu3k-v1gc-x7f8" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-wcrz-h8xd-cbez" }, { "vulnerability": "VCID-x29s-dc4y-jyf5" }, { "vulnerability": "VCID-x9x1-xcqa-5qdw" }, { "vulnerability": "VCID-xb6q-6m1c-5yfj" }, { "vulnerability": "VCID-xtjr-uufd-wqc8" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" }, { "vulnerability": "VCID-xzgv-h1e1-2fhm" }, { "vulnerability": "VCID-year-eh79-qfc2" }, { "vulnerability": "VCID-yqr3-7hk1-zfad" }, { "vulnerability": "VCID-z7pf-n9uf-7ff3" }, { "vulnerability": "VCID-zbbe-qnd8-4yau" }, { "vulnerability": "VCID-zwsy-26a5-tudy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.2.1~dfsg-1%252Bdeb10u2" } ], "aliases": [ "CVE-2019-7251" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cx52-9j5c-bqbp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/163572?format=api", "vulnerability_id": "VCID-e4t6-kskm-qffn", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14100", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.33558", "scoring_system": "epss", "scoring_elements": "0.97045", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.33558", "scoring_system": "epss", "scoring_elements": "0.97054", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.33558", "scoring_system": "epss", "scoring_elements": "0.97056", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14100" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14099", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14099" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14100", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14100" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873908", "reference_id": "873908", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873908" }, { "reference_url": "https://security.gentoo.org/glsa/201710-29", "reference_id": "GLSA-201710-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201710-29" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1073767?format=api", "purl": "pkg:deb/debian/asterisk@1:11.13.1~dfsg-2%2Bdeb8u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-1c9k-f31b-u3gd" }, { "vulnerability": "VCID-1j6s-5929-jba5" }, { "vulnerability": "VCID-26cq-wj3k-fqb9" }, { "vulnerability": "VCID-285z-mgz1-q7cd" }, { "vulnerability": "VCID-2q7t-camu-gkhf" }, { "vulnerability": "VCID-2yhz-4z7q-v3bj" }, { "vulnerability": "VCID-2zkw-u7gs-vyhc" }, { "vulnerability": "VCID-3azv-xr5c-ckcf" }, { "vulnerability": "VCID-3nmd-gfnx-zycc" }, { "vulnerability": "VCID-41pk-9azt-hqdx" }, { "vulnerability": "VCID-4jz1-8qyg-u3bb" }, { "vulnerability": "VCID-4ty4-xrdd-2kee" }, { "vulnerability": "VCID-4vyf-p1f1-wkdq" }, { "vulnerability": "VCID-4y87-mgkp-kug6" }, { "vulnerability": "VCID-546z-qwur-13h1" }, { "vulnerability": "VCID-591f-657m-77d7" }, { "vulnerability": "VCID-5fnd-6j1g-v7dm" }, { "vulnerability": "VCID-5r2x-a5bs-d3cy" }, { "vulnerability": "VCID-5sjg-t3ja-57be" }, { "vulnerability": "VCID-62p4-jvnj-8kfc" }, { "vulnerability": "VCID-6443-b986-kfb6" }, { "vulnerability": "VCID-6be8-mh9n-abhd" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-7ah9-w27g-ckg6" }, { "vulnerability": "VCID-7p8w-juvq-9qbp" }, { "vulnerability": "VCID-82hr-cs3x-fqg9" }, { "vulnerability": "VCID-91cc-3p28-tba7" }, { "vulnerability": "VCID-966j-625d-6fa9" }, { "vulnerability": "VCID-9wph-ucaa-byam" }, { "vulnerability": "VCID-a151-bk88-hfhq" }, { "vulnerability": "VCID-aas9-5n54-c7cn" }, { "vulnerability": "VCID-avkx-5as3-jbar" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-b6ga-bw58-sbcz" }, { "vulnerability": "VCID-bh6w-tmrd-w7eb" }, { "vulnerability": "VCID-bpvn-c1qp-6fdj" }, { "vulnerability": "VCID-csms-stcf-dkf4" }, { "vulnerability": "VCID-cx52-9j5c-bqbp" }, { "vulnerability": "VCID-d5bd-s7g5-fufn" }, { "vulnerability": "VCID-dxyn-tsbx-qbc8" }, { "vulnerability": "VCID-e4t6-kskm-qffn" }, { "vulnerability": "VCID-eeyn-yxuj-y7gh" }, { "vulnerability": "VCID-ej13-hta7-xfa9" }, { "vulnerability": "VCID-emwd-gd9k-mygd" }, { "vulnerability": "VCID-ew6x-wukn-wff1" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-js7f-w44p-rbgh" }, { "vulnerability": "VCID-k4ya-8pmg-ayh8" }, { "vulnerability": "VCID-k99k-99mz-8uc5" }, { "vulnerability": "VCID-ktbc-22t1-r3az" }, { "vulnerability": "VCID-m15s-j2fj-4ua8" }, { "vulnerability": "VCID-m5j7-xrze-xqhb" }, { "vulnerability": "VCID-m6wj-knxg-5ybg" }, { "vulnerability": "VCID-marj-g3q8-3fdt" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mmg1-2mu6-tyey" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-mssd-d438-7yga" }, { "vulnerability": "VCID-nt4b-2zg8-gya2" }, { "vulnerability": "VCID-nuyk-gtnh-t3g2" }, { "vulnerability": "VCID-nvcm-fd6a-nkbg" }, { "vulnerability": "VCID-qxup-q7n9-xke7" }, { "vulnerability": "VCID-r429-bk4p-g3er" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-rqwn-rfjf-sbf7" }, { "vulnerability": "VCID-t3hz-688a-37g2" }, { "vulnerability": "VCID-tux5-7r7x-2kdf" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-upap-7j5r-p7ch" }, { "vulnerability": "VCID-uu3k-v1gc-x7f8" }, { "vulnerability": "VCID-v8ph-vrc7-7ue1" }, { "vulnerability": "VCID-vc4h-7284-2qeb" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-wcrz-h8xd-cbez" }, { "vulnerability": "VCID-wx4r-avzg-kbgm" }, { "vulnerability": "VCID-x29s-dc4y-jyf5" }, { "vulnerability": "VCID-x9x1-xcqa-5qdw" }, { "vulnerability": "VCID-xb6q-6m1c-5yfj" }, { "vulnerability": "VCID-xtjr-uufd-wqc8" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" }, { "vulnerability": "VCID-xzgv-h1e1-2fhm" }, { "vulnerability": "VCID-year-eh79-qfc2" }, { "vulnerability": "VCID-yqr3-7hk1-zfad" }, { "vulnerability": "VCID-z7pf-n9uf-7ff3" }, { "vulnerability": "VCID-zbbe-qnd8-4yau" }, { "vulnerability": "VCID-zp67-1j8g-mufp" }, { "vulnerability": "VCID-zwsy-26a5-tudy" }, { "vulnerability": "VCID-zze4-ps2w-4qh9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:11.13.1~dfsg-2%252Bdeb8u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1076679?format=api", "purl": "pkg:deb/debian/asterisk@1:13.14.1~dfsg-2%2Bdeb9u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-1j6s-5929-jba5" }, { "vulnerability": "VCID-26cq-wj3k-fqb9" }, { "vulnerability": "VCID-285z-mgz1-q7cd" }, { "vulnerability": "VCID-2yhz-4z7q-v3bj" }, { "vulnerability": "VCID-3azv-xr5c-ckcf" }, { "vulnerability": "VCID-3nmd-gfnx-zycc" }, { "vulnerability": "VCID-41pk-9azt-hqdx" }, { "vulnerability": "VCID-4ty4-xrdd-2kee" }, { "vulnerability": "VCID-4y87-mgkp-kug6" }, { "vulnerability": "VCID-546z-qwur-13h1" }, { "vulnerability": "VCID-591f-657m-77d7" }, { "vulnerability": "VCID-5fnd-6j1g-v7dm" }, { "vulnerability": "VCID-5sjg-t3ja-57be" }, { "vulnerability": "VCID-62p4-jvnj-8kfc" }, { "vulnerability": "VCID-6443-b986-kfb6" }, { "vulnerability": "VCID-6be8-mh9n-abhd" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-7ah9-w27g-ckg6" }, { "vulnerability": "VCID-7p8w-juvq-9qbp" }, { "vulnerability": "VCID-82hr-cs3x-fqg9" }, { "vulnerability": "VCID-966j-625d-6fa9" }, { "vulnerability": "VCID-9wph-ucaa-byam" }, { "vulnerability": "VCID-a151-bk88-hfhq" }, { "vulnerability": "VCID-aas9-5n54-c7cn" }, { "vulnerability": "VCID-avkx-5as3-jbar" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-b6ga-bw58-sbcz" }, { "vulnerability": "VCID-bh6w-tmrd-w7eb" }, { "vulnerability": "VCID-bpvn-c1qp-6fdj" }, { "vulnerability": "VCID-csms-stcf-dkf4" }, { "vulnerability": "VCID-cx52-9j5c-bqbp" }, { "vulnerability": "VCID-d5bd-s7g5-fufn" }, { "vulnerability": "VCID-e4t6-kskm-qffn" }, { "vulnerability": "VCID-ej13-hta7-xfa9" }, { "vulnerability": "VCID-emwd-gd9k-mygd" }, { "vulnerability": "VCID-ew6x-wukn-wff1" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-js7f-w44p-rbgh" }, { "vulnerability": "VCID-k99k-99mz-8uc5" }, { "vulnerability": "VCID-m5j7-xrze-xqhb" }, { "vulnerability": "VCID-m6wj-knxg-5ybg" }, { "vulnerability": "VCID-marj-g3q8-3fdt" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mmg1-2mu6-tyey" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-mssd-d438-7yga" }, { "vulnerability": "VCID-nt4b-2zg8-gya2" }, { "vulnerability": "VCID-nuyk-gtnh-t3g2" }, { "vulnerability": "VCID-nvcm-fd6a-nkbg" }, { "vulnerability": "VCID-r429-bk4p-g3er" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-t3hz-688a-37g2" }, { "vulnerability": "VCID-tux5-7r7x-2kdf" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-uu3k-v1gc-x7f8" }, { "vulnerability": "VCID-vc4h-7284-2qeb" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-wcrz-h8xd-cbez" }, { "vulnerability": "VCID-x29s-dc4y-jyf5" }, { "vulnerability": "VCID-x9x1-xcqa-5qdw" }, { "vulnerability": "VCID-xb6q-6m1c-5yfj" }, { "vulnerability": "VCID-xtjr-uufd-wqc8" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" }, { "vulnerability": "VCID-xzgv-h1e1-2fhm" }, { "vulnerability": "VCID-year-eh79-qfc2" }, { "vulnerability": "VCID-yqr3-7hk1-zfad" }, { "vulnerability": "VCID-z7pf-n9uf-7ff3" }, { "vulnerability": "VCID-zbbe-qnd8-4yau" }, { "vulnerability": "VCID-zwsy-26a5-tudy" }, { "vulnerability": "VCID-zze4-ps2w-4qh9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.14.1~dfsg-2%252Bdeb9u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1079855?format=api", "purl": "pkg:deb/debian/asterisk@1:16.2.1~dfsg-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-26cq-wj3k-fqb9" }, { "vulnerability": "VCID-285z-mgz1-q7cd" }, { "vulnerability": "VCID-3azv-xr5c-ckcf" }, { "vulnerability": "VCID-41pk-9azt-hqdx" }, { "vulnerability": "VCID-4ty4-xrdd-2kee" }, { "vulnerability": "VCID-546z-qwur-13h1" }, { "vulnerability": "VCID-591f-657m-77d7" }, { "vulnerability": "VCID-5sjg-t3ja-57be" }, { "vulnerability": "VCID-62p4-jvnj-8kfc" }, { "vulnerability": "VCID-6443-b986-kfb6" }, { "vulnerability": "VCID-6be8-mh9n-abhd" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-7ah9-w27g-ckg6" }, { "vulnerability": "VCID-82hr-cs3x-fqg9" }, { "vulnerability": "VCID-966j-625d-6fa9" }, { "vulnerability": "VCID-a151-bk88-hfhq" }, { "vulnerability": "VCID-aas9-5n54-c7cn" }, { "vulnerability": "VCID-avkx-5as3-jbar" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-b6ga-bw58-sbcz" }, { "vulnerability": "VCID-bh6w-tmrd-w7eb" }, { "vulnerability": "VCID-bpvn-c1qp-6fdj" }, { "vulnerability": "VCID-csms-stcf-dkf4" }, { "vulnerability": "VCID-d5bd-s7g5-fufn" }, { "vulnerability": "VCID-emwd-gd9k-mygd" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-js7f-w44p-rbgh" }, { "vulnerability": "VCID-k99k-99mz-8uc5" }, { "vulnerability": "VCID-m6wj-knxg-5ybg" }, { "vulnerability": "VCID-marj-g3q8-3fdt" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mmg1-2mu6-tyey" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-mssd-d438-7yga" }, { "vulnerability": "VCID-nt4b-2zg8-gya2" }, { "vulnerability": "VCID-nuyk-gtnh-t3g2" }, { "vulnerability": "VCID-nvcm-fd6a-nkbg" }, { "vulnerability": "VCID-r429-bk4p-g3er" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-tux5-7r7x-2kdf" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-uu3k-v1gc-x7f8" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-wcrz-h8xd-cbez" }, { "vulnerability": "VCID-x29s-dc4y-jyf5" }, { "vulnerability": "VCID-x9x1-xcqa-5qdw" }, { "vulnerability": "VCID-xb6q-6m1c-5yfj" }, { "vulnerability": "VCID-xtjr-uufd-wqc8" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" }, { "vulnerability": "VCID-xzgv-h1e1-2fhm" }, { "vulnerability": "VCID-year-eh79-qfc2" }, { "vulnerability": "VCID-yqr3-7hk1-zfad" }, { "vulnerability": "VCID-z7pf-n9uf-7ff3" }, { "vulnerability": "VCID-zbbe-qnd8-4yau" }, { "vulnerability": "VCID-zwsy-26a5-tudy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.2.1~dfsg-1%252Bdeb10u2" } ], "aliases": [ "CVE-2017-14100" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e4t6-kskm-qffn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/163571?format=api", "vulnerability_id": "VCID-ej13-hta7-xfa9", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14099", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.5911", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.59222", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.59234", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.59225", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14099" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14099", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14099" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14100", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14100" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873907", "reference_id": "873907", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873907" }, { "reference_url": "https://security.gentoo.org/glsa/201710-29", "reference_id": "GLSA-201710-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201710-29" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1073767?format=api", "purl": "pkg:deb/debian/asterisk@1:11.13.1~dfsg-2%2Bdeb8u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-1c9k-f31b-u3gd" }, { "vulnerability": "VCID-1j6s-5929-jba5" }, { "vulnerability": "VCID-26cq-wj3k-fqb9" }, { "vulnerability": "VCID-285z-mgz1-q7cd" }, { "vulnerability": "VCID-2q7t-camu-gkhf" }, { "vulnerability": "VCID-2yhz-4z7q-v3bj" }, { "vulnerability": "VCID-2zkw-u7gs-vyhc" }, { "vulnerability": "VCID-3azv-xr5c-ckcf" }, { "vulnerability": "VCID-3nmd-gfnx-zycc" }, { "vulnerability": "VCID-41pk-9azt-hqdx" }, { "vulnerability": "VCID-4jz1-8qyg-u3bb" }, { "vulnerability": "VCID-4ty4-xrdd-2kee" }, { "vulnerability": "VCID-4vyf-p1f1-wkdq" }, { "vulnerability": "VCID-4y87-mgkp-kug6" }, { "vulnerability": "VCID-546z-qwur-13h1" }, { "vulnerability": "VCID-591f-657m-77d7" }, { "vulnerability": "VCID-5fnd-6j1g-v7dm" }, { "vulnerability": "VCID-5r2x-a5bs-d3cy" }, { "vulnerability": "VCID-5sjg-t3ja-57be" }, { "vulnerability": "VCID-62p4-jvnj-8kfc" }, { "vulnerability": "VCID-6443-b986-kfb6" }, { "vulnerability": "VCID-6be8-mh9n-abhd" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-7ah9-w27g-ckg6" }, { "vulnerability": "VCID-7p8w-juvq-9qbp" }, { "vulnerability": "VCID-82hr-cs3x-fqg9" }, { "vulnerability": "VCID-91cc-3p28-tba7" }, { "vulnerability": "VCID-966j-625d-6fa9" }, { "vulnerability": "VCID-9wph-ucaa-byam" }, { "vulnerability": "VCID-a151-bk88-hfhq" }, { "vulnerability": "VCID-aas9-5n54-c7cn" }, { "vulnerability": "VCID-avkx-5as3-jbar" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-b6ga-bw58-sbcz" }, { "vulnerability": "VCID-bh6w-tmrd-w7eb" }, { "vulnerability": "VCID-bpvn-c1qp-6fdj" }, { "vulnerability": "VCID-csms-stcf-dkf4" }, { "vulnerability": "VCID-cx52-9j5c-bqbp" }, { "vulnerability": "VCID-d5bd-s7g5-fufn" }, { "vulnerability": "VCID-dxyn-tsbx-qbc8" }, { "vulnerability": "VCID-e4t6-kskm-qffn" }, { "vulnerability": "VCID-eeyn-yxuj-y7gh" }, { "vulnerability": "VCID-ej13-hta7-xfa9" }, { "vulnerability": "VCID-emwd-gd9k-mygd" }, { "vulnerability": "VCID-ew6x-wukn-wff1" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-js7f-w44p-rbgh" }, { "vulnerability": "VCID-k4ya-8pmg-ayh8" }, { "vulnerability": "VCID-k99k-99mz-8uc5" }, { "vulnerability": "VCID-ktbc-22t1-r3az" }, { "vulnerability": "VCID-m15s-j2fj-4ua8" }, { "vulnerability": "VCID-m5j7-xrze-xqhb" }, { "vulnerability": "VCID-m6wj-knxg-5ybg" }, { "vulnerability": "VCID-marj-g3q8-3fdt" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mmg1-2mu6-tyey" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-mssd-d438-7yga" }, { "vulnerability": "VCID-nt4b-2zg8-gya2" }, { "vulnerability": "VCID-nuyk-gtnh-t3g2" }, { "vulnerability": "VCID-nvcm-fd6a-nkbg" }, { "vulnerability": "VCID-qxup-q7n9-xke7" }, { "vulnerability": "VCID-r429-bk4p-g3er" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-rqwn-rfjf-sbf7" }, { "vulnerability": "VCID-t3hz-688a-37g2" }, { "vulnerability": "VCID-tux5-7r7x-2kdf" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-upap-7j5r-p7ch" }, { "vulnerability": "VCID-uu3k-v1gc-x7f8" }, { "vulnerability": "VCID-v8ph-vrc7-7ue1" }, { "vulnerability": "VCID-vc4h-7284-2qeb" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-wcrz-h8xd-cbez" }, { "vulnerability": "VCID-wx4r-avzg-kbgm" }, { "vulnerability": "VCID-x29s-dc4y-jyf5" }, { "vulnerability": "VCID-x9x1-xcqa-5qdw" }, { "vulnerability": "VCID-xb6q-6m1c-5yfj" }, { "vulnerability": "VCID-xtjr-uufd-wqc8" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" }, { "vulnerability": "VCID-xzgv-h1e1-2fhm" }, { "vulnerability": "VCID-year-eh79-qfc2" }, { "vulnerability": "VCID-yqr3-7hk1-zfad" }, { "vulnerability": "VCID-z7pf-n9uf-7ff3" }, { "vulnerability": "VCID-zbbe-qnd8-4yau" }, { "vulnerability": "VCID-zp67-1j8g-mufp" }, { "vulnerability": "VCID-zwsy-26a5-tudy" }, { "vulnerability": "VCID-zze4-ps2w-4qh9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:11.13.1~dfsg-2%252Bdeb8u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1076679?format=api", "purl": "pkg:deb/debian/asterisk@1:13.14.1~dfsg-2%2Bdeb9u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-1j6s-5929-jba5" }, { "vulnerability": "VCID-26cq-wj3k-fqb9" }, { "vulnerability": "VCID-285z-mgz1-q7cd" }, { "vulnerability": "VCID-2yhz-4z7q-v3bj" }, { "vulnerability": "VCID-3azv-xr5c-ckcf" }, { "vulnerability": "VCID-3nmd-gfnx-zycc" }, { "vulnerability": "VCID-41pk-9azt-hqdx" }, { "vulnerability": "VCID-4ty4-xrdd-2kee" }, { "vulnerability": "VCID-4y87-mgkp-kug6" }, { "vulnerability": "VCID-546z-qwur-13h1" }, { "vulnerability": "VCID-591f-657m-77d7" }, { "vulnerability": "VCID-5fnd-6j1g-v7dm" }, { "vulnerability": "VCID-5sjg-t3ja-57be" }, { "vulnerability": "VCID-62p4-jvnj-8kfc" }, { "vulnerability": "VCID-6443-b986-kfb6" }, { "vulnerability": "VCID-6be8-mh9n-abhd" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-7ah9-w27g-ckg6" }, { "vulnerability": "VCID-7p8w-juvq-9qbp" }, { "vulnerability": "VCID-82hr-cs3x-fqg9" }, { "vulnerability": "VCID-966j-625d-6fa9" }, { "vulnerability": "VCID-9wph-ucaa-byam" }, { "vulnerability": "VCID-a151-bk88-hfhq" }, { "vulnerability": "VCID-aas9-5n54-c7cn" }, { "vulnerability": "VCID-avkx-5as3-jbar" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-b6ga-bw58-sbcz" }, { "vulnerability": "VCID-bh6w-tmrd-w7eb" }, { "vulnerability": "VCID-bpvn-c1qp-6fdj" }, { "vulnerability": "VCID-csms-stcf-dkf4" }, { "vulnerability": "VCID-cx52-9j5c-bqbp" }, { "vulnerability": "VCID-d5bd-s7g5-fufn" }, { "vulnerability": "VCID-e4t6-kskm-qffn" }, { "vulnerability": "VCID-ej13-hta7-xfa9" }, { "vulnerability": "VCID-emwd-gd9k-mygd" }, { "vulnerability": "VCID-ew6x-wukn-wff1" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-js7f-w44p-rbgh" }, { "vulnerability": "VCID-k99k-99mz-8uc5" }, { "vulnerability": "VCID-m5j7-xrze-xqhb" }, { "vulnerability": "VCID-m6wj-knxg-5ybg" }, { "vulnerability": "VCID-marj-g3q8-3fdt" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mmg1-2mu6-tyey" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-mssd-d438-7yga" }, { "vulnerability": "VCID-nt4b-2zg8-gya2" }, { "vulnerability": "VCID-nuyk-gtnh-t3g2" }, { "vulnerability": "VCID-nvcm-fd6a-nkbg" }, { "vulnerability": "VCID-r429-bk4p-g3er" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-t3hz-688a-37g2" }, { "vulnerability": "VCID-tux5-7r7x-2kdf" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-uu3k-v1gc-x7f8" }, { "vulnerability": "VCID-vc4h-7284-2qeb" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-wcrz-h8xd-cbez" }, { "vulnerability": "VCID-x29s-dc4y-jyf5" }, { "vulnerability": "VCID-x9x1-xcqa-5qdw" }, { "vulnerability": "VCID-xb6q-6m1c-5yfj" }, { "vulnerability": "VCID-xtjr-uufd-wqc8" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" }, { "vulnerability": "VCID-xzgv-h1e1-2fhm" }, { "vulnerability": "VCID-year-eh79-qfc2" }, { "vulnerability": "VCID-yqr3-7hk1-zfad" }, { "vulnerability": "VCID-z7pf-n9uf-7ff3" }, { "vulnerability": "VCID-zbbe-qnd8-4yau" }, { "vulnerability": "VCID-zwsy-26a5-tudy" }, { "vulnerability": "VCID-zze4-ps2w-4qh9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.14.1~dfsg-2%252Bdeb9u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1079855?format=api", "purl": "pkg:deb/debian/asterisk@1:16.2.1~dfsg-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-26cq-wj3k-fqb9" }, { "vulnerability": "VCID-285z-mgz1-q7cd" }, { "vulnerability": "VCID-3azv-xr5c-ckcf" }, { "vulnerability": "VCID-41pk-9azt-hqdx" }, { "vulnerability": "VCID-4ty4-xrdd-2kee" }, { "vulnerability": "VCID-546z-qwur-13h1" }, { "vulnerability": "VCID-591f-657m-77d7" }, { "vulnerability": "VCID-5sjg-t3ja-57be" }, { "vulnerability": "VCID-62p4-jvnj-8kfc" }, { "vulnerability": "VCID-6443-b986-kfb6" }, { "vulnerability": "VCID-6be8-mh9n-abhd" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-7ah9-w27g-ckg6" }, { "vulnerability": "VCID-82hr-cs3x-fqg9" }, { "vulnerability": "VCID-966j-625d-6fa9" }, { "vulnerability": "VCID-a151-bk88-hfhq" }, { "vulnerability": "VCID-aas9-5n54-c7cn" }, { "vulnerability": "VCID-avkx-5as3-jbar" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-b6ga-bw58-sbcz" }, { "vulnerability": "VCID-bh6w-tmrd-w7eb" }, { "vulnerability": "VCID-bpvn-c1qp-6fdj" }, { "vulnerability": "VCID-csms-stcf-dkf4" }, { "vulnerability": "VCID-d5bd-s7g5-fufn" }, { "vulnerability": "VCID-emwd-gd9k-mygd" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-js7f-w44p-rbgh" }, { "vulnerability": "VCID-k99k-99mz-8uc5" }, { "vulnerability": "VCID-m6wj-knxg-5ybg" }, { "vulnerability": "VCID-marj-g3q8-3fdt" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mmg1-2mu6-tyey" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-mssd-d438-7yga" }, { "vulnerability": "VCID-nt4b-2zg8-gya2" }, { "vulnerability": "VCID-nuyk-gtnh-t3g2" }, { "vulnerability": "VCID-nvcm-fd6a-nkbg" }, { "vulnerability": "VCID-r429-bk4p-g3er" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-tux5-7r7x-2kdf" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-uu3k-v1gc-x7f8" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-wcrz-h8xd-cbez" }, { "vulnerability": "VCID-x29s-dc4y-jyf5" }, { "vulnerability": "VCID-x9x1-xcqa-5qdw" }, { "vulnerability": "VCID-xb6q-6m1c-5yfj" }, { "vulnerability": "VCID-xtjr-uufd-wqc8" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" }, { "vulnerability": "VCID-xzgv-h1e1-2fhm" }, { "vulnerability": "VCID-year-eh79-qfc2" }, { "vulnerability": "VCID-yqr3-7hk1-zfad" }, { "vulnerability": "VCID-z7pf-n9uf-7ff3" }, { "vulnerability": "VCID-zbbe-qnd8-4yau" }, { "vulnerability": "VCID-zwsy-26a5-tudy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.2.1~dfsg-1%252Bdeb10u2" } ], "aliases": [ "CVE-2017-14099" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ej13-hta7-xfa9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/176636?format=api", "vulnerability_id": "VCID-ew6x-wukn-wff1", "summary": "Multiple vulnerabilities have been found in Asterisk, the worst of\n which could result in a Denial of Service condition.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17850", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.29958", "scoring_system": "epss", "scoring_elements": "0.96769", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.29958", "scoring_system": "epss", "scoring_elements": "0.9678", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.29958", "scoring_system": "epss", "scoring_elements": "0.96782", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-17850" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17850", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17850" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885072", "reference_id": "885072", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885072" }, { "reference_url": "https://security.gentoo.org/glsa/201811-11", "reference_id": "GLSA-201811-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201811-11" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1079855?format=api", "purl": "pkg:deb/debian/asterisk@1:16.2.1~dfsg-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-26cq-wj3k-fqb9" }, { "vulnerability": "VCID-285z-mgz1-q7cd" }, { "vulnerability": "VCID-3azv-xr5c-ckcf" }, { "vulnerability": "VCID-41pk-9azt-hqdx" }, { "vulnerability": "VCID-4ty4-xrdd-2kee" }, { "vulnerability": "VCID-546z-qwur-13h1" }, { "vulnerability": "VCID-591f-657m-77d7" }, { "vulnerability": "VCID-5sjg-t3ja-57be" }, { "vulnerability": "VCID-62p4-jvnj-8kfc" }, { "vulnerability": "VCID-6443-b986-kfb6" }, { "vulnerability": "VCID-6be8-mh9n-abhd" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-7ah9-w27g-ckg6" }, { "vulnerability": "VCID-82hr-cs3x-fqg9" }, { "vulnerability": "VCID-966j-625d-6fa9" }, { "vulnerability": "VCID-a151-bk88-hfhq" }, { "vulnerability": "VCID-aas9-5n54-c7cn" }, { "vulnerability": "VCID-avkx-5as3-jbar" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-b6ga-bw58-sbcz" }, { "vulnerability": "VCID-bh6w-tmrd-w7eb" }, { "vulnerability": "VCID-bpvn-c1qp-6fdj" }, { "vulnerability": "VCID-csms-stcf-dkf4" }, { "vulnerability": "VCID-d5bd-s7g5-fufn" }, { "vulnerability": "VCID-emwd-gd9k-mygd" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-js7f-w44p-rbgh" }, { "vulnerability": "VCID-k99k-99mz-8uc5" }, { "vulnerability": "VCID-m6wj-knxg-5ybg" }, { "vulnerability": "VCID-marj-g3q8-3fdt" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mmg1-2mu6-tyey" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-mssd-d438-7yga" }, { "vulnerability": "VCID-nt4b-2zg8-gya2" }, { "vulnerability": "VCID-nuyk-gtnh-t3g2" }, { "vulnerability": "VCID-nvcm-fd6a-nkbg" }, { "vulnerability": "VCID-r429-bk4p-g3er" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-tux5-7r7x-2kdf" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-uu3k-v1gc-x7f8" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-wcrz-h8xd-cbez" }, { "vulnerability": "VCID-x29s-dc4y-jyf5" }, { "vulnerability": "VCID-x9x1-xcqa-5qdw" }, { "vulnerability": "VCID-xb6q-6m1c-5yfj" }, { "vulnerability": "VCID-xtjr-uufd-wqc8" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" }, { "vulnerability": "VCID-xzgv-h1e1-2fhm" }, { "vulnerability": "VCID-year-eh79-qfc2" }, { "vulnerability": "VCID-yqr3-7hk1-zfad" }, { "vulnerability": "VCID-z7pf-n9uf-7ff3" }, { "vulnerability": "VCID-zbbe-qnd8-4yau" }, { "vulnerability": "VCID-zwsy-26a5-tudy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.2.1~dfsg-1%252Bdeb10u2" } ], "aliases": [ "CVE-2017-17850" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ew6x-wukn-wff1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/207076?format=api", "vulnerability_id": "VCID-m5j7-xrze-xqhb", "summary": "An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a NULL pointer dereference and crash will occur. This is different from CVE-2019-18940.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-18976", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37417", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37595", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37619", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37607", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-18976" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18976", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18976" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1079855?format=api", "purl": "pkg:deb/debian/asterisk@1:16.2.1~dfsg-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-26cq-wj3k-fqb9" }, { "vulnerability": "VCID-285z-mgz1-q7cd" }, { "vulnerability": "VCID-3azv-xr5c-ckcf" }, { "vulnerability": "VCID-41pk-9azt-hqdx" }, { "vulnerability": "VCID-4ty4-xrdd-2kee" }, { "vulnerability": "VCID-546z-qwur-13h1" }, { "vulnerability": "VCID-591f-657m-77d7" }, { "vulnerability": "VCID-5sjg-t3ja-57be" }, { "vulnerability": "VCID-62p4-jvnj-8kfc" }, { "vulnerability": "VCID-6443-b986-kfb6" }, { "vulnerability": "VCID-6be8-mh9n-abhd" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-7ah9-w27g-ckg6" }, { "vulnerability": "VCID-82hr-cs3x-fqg9" }, { "vulnerability": "VCID-966j-625d-6fa9" }, { "vulnerability": "VCID-a151-bk88-hfhq" }, { "vulnerability": "VCID-aas9-5n54-c7cn" }, { "vulnerability": "VCID-avkx-5as3-jbar" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-b6ga-bw58-sbcz" }, { "vulnerability": "VCID-bh6w-tmrd-w7eb" }, { "vulnerability": "VCID-bpvn-c1qp-6fdj" }, { "vulnerability": "VCID-csms-stcf-dkf4" }, { "vulnerability": "VCID-d5bd-s7g5-fufn" }, { "vulnerability": "VCID-emwd-gd9k-mygd" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-js7f-w44p-rbgh" }, { "vulnerability": "VCID-k99k-99mz-8uc5" }, { "vulnerability": "VCID-m6wj-knxg-5ybg" }, { "vulnerability": "VCID-marj-g3q8-3fdt" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mmg1-2mu6-tyey" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-mssd-d438-7yga" }, { "vulnerability": "VCID-nt4b-2zg8-gya2" }, { "vulnerability": "VCID-nuyk-gtnh-t3g2" }, { "vulnerability": "VCID-nvcm-fd6a-nkbg" }, { "vulnerability": "VCID-r429-bk4p-g3er" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-tux5-7r7x-2kdf" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-uu3k-v1gc-x7f8" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-wcrz-h8xd-cbez" }, { "vulnerability": "VCID-x29s-dc4y-jyf5" }, { "vulnerability": "VCID-x9x1-xcqa-5qdw" }, { "vulnerability": "VCID-xb6q-6m1c-5yfj" }, { "vulnerability": "VCID-xtjr-uufd-wqc8" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" }, { "vulnerability": "VCID-xzgv-h1e1-2fhm" }, { "vulnerability": "VCID-year-eh79-qfc2" }, { "vulnerability": "VCID-yqr3-7hk1-zfad" }, { "vulnerability": "VCID-z7pf-n9uf-7ff3" }, { "vulnerability": "VCID-zbbe-qnd8-4yau" }, { "vulnerability": "VCID-zwsy-26a5-tudy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.2.1~dfsg-1%252Bdeb10u2" } ], "aliases": [ "CVE-2019-18976" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m5j7-xrze-xqhb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/164374?format=api", "vulnerability_id": "VCID-t3hz-688a-37g2", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14603", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00747", "scoring_system": "epss", "scoring_elements": "0.73523", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00747", "scoring_system": "epss", "scoring_elements": "0.73597", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00747", "scoring_system": "epss", "scoring_elements": "0.73612", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00747", "scoring_system": "epss", "scoring_elements": "0.7361", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14603" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14603", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14603" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876328", "reference_id": "876328", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876328" }, { "reference_url": "https://security.gentoo.org/glsa/201710-29", "reference_id": "GLSA-201710-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201710-29" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1073767?format=api", "purl": "pkg:deb/debian/asterisk@1:11.13.1~dfsg-2%2Bdeb8u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-1c9k-f31b-u3gd" }, { "vulnerability": "VCID-1j6s-5929-jba5" }, { "vulnerability": "VCID-26cq-wj3k-fqb9" }, { "vulnerability": "VCID-285z-mgz1-q7cd" }, { "vulnerability": "VCID-2q7t-camu-gkhf" }, { "vulnerability": "VCID-2yhz-4z7q-v3bj" }, { "vulnerability": "VCID-2zkw-u7gs-vyhc" }, { "vulnerability": "VCID-3azv-xr5c-ckcf" }, { "vulnerability": "VCID-3nmd-gfnx-zycc" }, { "vulnerability": "VCID-41pk-9azt-hqdx" }, { "vulnerability": "VCID-4jz1-8qyg-u3bb" }, { "vulnerability": "VCID-4ty4-xrdd-2kee" }, { "vulnerability": "VCID-4vyf-p1f1-wkdq" }, { "vulnerability": "VCID-4y87-mgkp-kug6" }, { "vulnerability": "VCID-546z-qwur-13h1" }, { "vulnerability": "VCID-591f-657m-77d7" }, { "vulnerability": "VCID-5fnd-6j1g-v7dm" }, { "vulnerability": "VCID-5r2x-a5bs-d3cy" }, { "vulnerability": "VCID-5sjg-t3ja-57be" }, { "vulnerability": "VCID-62p4-jvnj-8kfc" }, { "vulnerability": "VCID-6443-b986-kfb6" }, { "vulnerability": "VCID-6be8-mh9n-abhd" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-7ah9-w27g-ckg6" }, { "vulnerability": "VCID-7p8w-juvq-9qbp" }, { "vulnerability": "VCID-82hr-cs3x-fqg9" }, { "vulnerability": "VCID-91cc-3p28-tba7" }, { "vulnerability": "VCID-966j-625d-6fa9" }, { "vulnerability": "VCID-9wph-ucaa-byam" }, { "vulnerability": "VCID-a151-bk88-hfhq" }, { "vulnerability": "VCID-aas9-5n54-c7cn" }, { "vulnerability": "VCID-avkx-5as3-jbar" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-b6ga-bw58-sbcz" }, { "vulnerability": "VCID-bh6w-tmrd-w7eb" }, { "vulnerability": "VCID-bpvn-c1qp-6fdj" }, { "vulnerability": "VCID-csms-stcf-dkf4" }, { "vulnerability": "VCID-cx52-9j5c-bqbp" }, { "vulnerability": "VCID-d5bd-s7g5-fufn" }, { "vulnerability": "VCID-dxyn-tsbx-qbc8" }, { "vulnerability": "VCID-e4t6-kskm-qffn" }, { "vulnerability": "VCID-eeyn-yxuj-y7gh" }, { "vulnerability": "VCID-ej13-hta7-xfa9" }, { "vulnerability": "VCID-emwd-gd9k-mygd" }, { "vulnerability": "VCID-ew6x-wukn-wff1" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-js7f-w44p-rbgh" }, { "vulnerability": "VCID-k4ya-8pmg-ayh8" }, { "vulnerability": "VCID-k99k-99mz-8uc5" }, { "vulnerability": "VCID-ktbc-22t1-r3az" }, { "vulnerability": "VCID-m15s-j2fj-4ua8" }, { "vulnerability": "VCID-m5j7-xrze-xqhb" }, { "vulnerability": "VCID-m6wj-knxg-5ybg" }, { "vulnerability": "VCID-marj-g3q8-3fdt" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mmg1-2mu6-tyey" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-mssd-d438-7yga" }, { "vulnerability": "VCID-nt4b-2zg8-gya2" }, { "vulnerability": "VCID-nuyk-gtnh-t3g2" }, { "vulnerability": "VCID-nvcm-fd6a-nkbg" }, { "vulnerability": "VCID-qxup-q7n9-xke7" }, { "vulnerability": "VCID-r429-bk4p-g3er" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-rqwn-rfjf-sbf7" }, { "vulnerability": "VCID-t3hz-688a-37g2" }, { "vulnerability": "VCID-tux5-7r7x-2kdf" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-upap-7j5r-p7ch" }, { "vulnerability": "VCID-uu3k-v1gc-x7f8" }, { "vulnerability": "VCID-v8ph-vrc7-7ue1" }, { "vulnerability": "VCID-vc4h-7284-2qeb" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-wcrz-h8xd-cbez" }, { "vulnerability": "VCID-wx4r-avzg-kbgm" }, { "vulnerability": "VCID-x29s-dc4y-jyf5" }, { "vulnerability": "VCID-x9x1-xcqa-5qdw" }, { "vulnerability": "VCID-xb6q-6m1c-5yfj" }, { "vulnerability": "VCID-xtjr-uufd-wqc8" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" }, { "vulnerability": "VCID-xzgv-h1e1-2fhm" }, { "vulnerability": "VCID-year-eh79-qfc2" }, { "vulnerability": "VCID-yqr3-7hk1-zfad" }, { "vulnerability": "VCID-z7pf-n9uf-7ff3" }, { "vulnerability": "VCID-zbbe-qnd8-4yau" }, { "vulnerability": "VCID-zp67-1j8g-mufp" }, { "vulnerability": "VCID-zwsy-26a5-tudy" }, { "vulnerability": "VCID-zze4-ps2w-4qh9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:11.13.1~dfsg-2%252Bdeb8u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1076679?format=api", "purl": "pkg:deb/debian/asterisk@1:13.14.1~dfsg-2%2Bdeb9u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-1j6s-5929-jba5" }, { "vulnerability": "VCID-26cq-wj3k-fqb9" }, { "vulnerability": "VCID-285z-mgz1-q7cd" }, { "vulnerability": "VCID-2yhz-4z7q-v3bj" }, { "vulnerability": "VCID-3azv-xr5c-ckcf" }, { "vulnerability": "VCID-3nmd-gfnx-zycc" }, { "vulnerability": "VCID-41pk-9azt-hqdx" }, { "vulnerability": "VCID-4ty4-xrdd-2kee" }, { "vulnerability": "VCID-4y87-mgkp-kug6" }, { "vulnerability": "VCID-546z-qwur-13h1" }, { "vulnerability": "VCID-591f-657m-77d7" }, { "vulnerability": "VCID-5fnd-6j1g-v7dm" }, { "vulnerability": "VCID-5sjg-t3ja-57be" }, { "vulnerability": "VCID-62p4-jvnj-8kfc" }, { "vulnerability": "VCID-6443-b986-kfb6" }, { "vulnerability": "VCID-6be8-mh9n-abhd" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-7ah9-w27g-ckg6" }, { "vulnerability": "VCID-7p8w-juvq-9qbp" }, { "vulnerability": "VCID-82hr-cs3x-fqg9" }, { "vulnerability": "VCID-966j-625d-6fa9" }, { "vulnerability": "VCID-9wph-ucaa-byam" }, { "vulnerability": "VCID-a151-bk88-hfhq" }, { "vulnerability": "VCID-aas9-5n54-c7cn" }, { "vulnerability": "VCID-avkx-5as3-jbar" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-b6ga-bw58-sbcz" }, { "vulnerability": "VCID-bh6w-tmrd-w7eb" }, { "vulnerability": "VCID-bpvn-c1qp-6fdj" }, { "vulnerability": "VCID-csms-stcf-dkf4" }, { "vulnerability": "VCID-cx52-9j5c-bqbp" }, { "vulnerability": "VCID-d5bd-s7g5-fufn" }, { "vulnerability": "VCID-e4t6-kskm-qffn" }, { "vulnerability": "VCID-ej13-hta7-xfa9" }, { "vulnerability": "VCID-emwd-gd9k-mygd" }, { "vulnerability": "VCID-ew6x-wukn-wff1" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-js7f-w44p-rbgh" }, { "vulnerability": "VCID-k99k-99mz-8uc5" }, { "vulnerability": "VCID-m5j7-xrze-xqhb" }, { "vulnerability": "VCID-m6wj-knxg-5ybg" }, { "vulnerability": "VCID-marj-g3q8-3fdt" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mmg1-2mu6-tyey" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-mssd-d438-7yga" }, { "vulnerability": "VCID-nt4b-2zg8-gya2" }, { "vulnerability": "VCID-nuyk-gtnh-t3g2" }, { "vulnerability": "VCID-nvcm-fd6a-nkbg" }, { "vulnerability": "VCID-r429-bk4p-g3er" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-t3hz-688a-37g2" }, { "vulnerability": "VCID-tux5-7r7x-2kdf" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-uu3k-v1gc-x7f8" }, { "vulnerability": "VCID-vc4h-7284-2qeb" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-wcrz-h8xd-cbez" }, { "vulnerability": "VCID-x29s-dc4y-jyf5" }, { "vulnerability": "VCID-x9x1-xcqa-5qdw" }, { "vulnerability": "VCID-xb6q-6m1c-5yfj" }, { "vulnerability": "VCID-xtjr-uufd-wqc8" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" }, { "vulnerability": "VCID-xzgv-h1e1-2fhm" }, { "vulnerability": "VCID-year-eh79-qfc2" }, { "vulnerability": "VCID-yqr3-7hk1-zfad" }, { "vulnerability": "VCID-z7pf-n9uf-7ff3" }, { "vulnerability": "VCID-zbbe-qnd8-4yau" }, { "vulnerability": "VCID-zwsy-26a5-tudy" }, { "vulnerability": "VCID-zze4-ps2w-4qh9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.14.1~dfsg-2%252Bdeb9u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1079855?format=api", "purl": "pkg:deb/debian/asterisk@1:16.2.1~dfsg-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-26cq-wj3k-fqb9" }, { "vulnerability": "VCID-285z-mgz1-q7cd" }, { "vulnerability": "VCID-3azv-xr5c-ckcf" }, { "vulnerability": "VCID-41pk-9azt-hqdx" }, { "vulnerability": "VCID-4ty4-xrdd-2kee" }, { "vulnerability": "VCID-546z-qwur-13h1" }, { "vulnerability": "VCID-591f-657m-77d7" }, { "vulnerability": "VCID-5sjg-t3ja-57be" }, { "vulnerability": "VCID-62p4-jvnj-8kfc" }, { "vulnerability": "VCID-6443-b986-kfb6" }, { "vulnerability": "VCID-6be8-mh9n-abhd" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-7ah9-w27g-ckg6" }, { "vulnerability": "VCID-82hr-cs3x-fqg9" }, { "vulnerability": "VCID-966j-625d-6fa9" }, { "vulnerability": "VCID-a151-bk88-hfhq" }, { "vulnerability": "VCID-aas9-5n54-c7cn" }, { "vulnerability": "VCID-avkx-5as3-jbar" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-b6ga-bw58-sbcz" }, { "vulnerability": "VCID-bh6w-tmrd-w7eb" }, { "vulnerability": "VCID-bpvn-c1qp-6fdj" }, { "vulnerability": "VCID-csms-stcf-dkf4" }, { "vulnerability": "VCID-d5bd-s7g5-fufn" }, { "vulnerability": "VCID-emwd-gd9k-mygd" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-js7f-w44p-rbgh" }, { "vulnerability": "VCID-k99k-99mz-8uc5" }, { "vulnerability": "VCID-m6wj-knxg-5ybg" }, { "vulnerability": "VCID-marj-g3q8-3fdt" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mmg1-2mu6-tyey" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-mssd-d438-7yga" }, { "vulnerability": "VCID-nt4b-2zg8-gya2" }, { "vulnerability": "VCID-nuyk-gtnh-t3g2" }, { "vulnerability": "VCID-nvcm-fd6a-nkbg" }, { "vulnerability": "VCID-r429-bk4p-g3er" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-tux5-7r7x-2kdf" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-uu3k-v1gc-x7f8" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-wcrz-h8xd-cbez" }, { "vulnerability": "VCID-x29s-dc4y-jyf5" }, { "vulnerability": "VCID-x9x1-xcqa-5qdw" }, { "vulnerability": "VCID-xb6q-6m1c-5yfj" }, { "vulnerability": "VCID-xtjr-uufd-wqc8" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" }, { "vulnerability": "VCID-xzgv-h1e1-2fhm" }, { "vulnerability": "VCID-year-eh79-qfc2" }, { "vulnerability": "VCID-yqr3-7hk1-zfad" }, { "vulnerability": "VCID-z7pf-n9uf-7ff3" }, { "vulnerability": "VCID-zbbe-qnd8-4yau" }, { "vulnerability": "VCID-zwsy-26a5-tudy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.2.1~dfsg-1%252Bdeb10u2" } ], "aliases": [ "CVE-2017-14603" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t3hz-688a-37g2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/184253?format=api", "vulnerability_id": "VCID-vc4h-7284-2qeb", "summary": "Multiple vulnerabilities have been found in Asterisk, the worst of\n which allows remote execution of arbitrary shell commands.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14098", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.40123", "scoring_system": "epss", "scoring_elements": "0.97431", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.40123", "scoring_system": "epss", "scoring_elements": "0.9744", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.40123", "scoring_system": "epss", "scoring_elements": "0.97442", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14098" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14098", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14098" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873909", "reference_id": "873909", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873909" }, { "reference_url": "https://security.gentoo.org/glsa/201710-29", "reference_id": "GLSA-201710-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201710-29" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1079855?format=api", "purl": "pkg:deb/debian/asterisk@1:16.2.1~dfsg-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-26cq-wj3k-fqb9" }, { "vulnerability": "VCID-285z-mgz1-q7cd" }, { "vulnerability": "VCID-3azv-xr5c-ckcf" }, { "vulnerability": "VCID-41pk-9azt-hqdx" }, { "vulnerability": "VCID-4ty4-xrdd-2kee" }, { "vulnerability": "VCID-546z-qwur-13h1" }, { "vulnerability": "VCID-591f-657m-77d7" }, { "vulnerability": "VCID-5sjg-t3ja-57be" }, { "vulnerability": "VCID-62p4-jvnj-8kfc" }, { "vulnerability": "VCID-6443-b986-kfb6" }, { "vulnerability": "VCID-6be8-mh9n-abhd" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-7ah9-w27g-ckg6" }, { "vulnerability": "VCID-82hr-cs3x-fqg9" }, { "vulnerability": "VCID-966j-625d-6fa9" }, { "vulnerability": "VCID-a151-bk88-hfhq" }, { "vulnerability": "VCID-aas9-5n54-c7cn" }, { "vulnerability": "VCID-avkx-5as3-jbar" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-b6ga-bw58-sbcz" }, { "vulnerability": "VCID-bh6w-tmrd-w7eb" }, { "vulnerability": "VCID-bpvn-c1qp-6fdj" }, { "vulnerability": "VCID-csms-stcf-dkf4" }, { "vulnerability": "VCID-d5bd-s7g5-fufn" }, { "vulnerability": "VCID-emwd-gd9k-mygd" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-js7f-w44p-rbgh" }, { "vulnerability": "VCID-k99k-99mz-8uc5" }, { "vulnerability": "VCID-m6wj-knxg-5ybg" }, { "vulnerability": "VCID-marj-g3q8-3fdt" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mmg1-2mu6-tyey" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-mssd-d438-7yga" }, { "vulnerability": "VCID-nt4b-2zg8-gya2" }, { "vulnerability": "VCID-nuyk-gtnh-t3g2" }, { "vulnerability": "VCID-nvcm-fd6a-nkbg" }, { "vulnerability": "VCID-r429-bk4p-g3er" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-tux5-7r7x-2kdf" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-uu3k-v1gc-x7f8" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-wcrz-h8xd-cbez" }, { "vulnerability": "VCID-x29s-dc4y-jyf5" }, { "vulnerability": "VCID-x9x1-xcqa-5qdw" }, { "vulnerability": "VCID-xb6q-6m1c-5yfj" }, { "vulnerability": "VCID-xtjr-uufd-wqc8" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" }, { "vulnerability": "VCID-xzgv-h1e1-2fhm" }, { "vulnerability": "VCID-year-eh79-qfc2" }, { "vulnerability": "VCID-yqr3-7hk1-zfad" }, { "vulnerability": "VCID-z7pf-n9uf-7ff3" }, { "vulnerability": "VCID-zbbe-qnd8-4yau" }, { "vulnerability": "VCID-zwsy-26a5-tudy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.2.1~dfsg-1%252Bdeb10u2" } ], "aliases": [ "CVE-2017-14098" ], "risk_score": 0.2, "exploitability": "0.5", "weighted_severity": "0.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vc4h-7284-2qeb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/175165?format=api", "vulnerability_id": "VCID-zze4-ps2w-4qh9", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17281", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.80258", "scoring_system": "epss", "scoring_elements": "0.99143", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.80258", "scoring_system": "epss", "scoring_elements": "0.99146", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17281" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12227", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12227" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17281", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17281" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7284", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7284" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7286", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7286" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909554", "reference_id": "909554", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909554" }, { "reference_url": "https://security.gentoo.org/glsa/201811-11", "reference_id": "GLSA-201811-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201811-11" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1076679?format=api", "purl": "pkg:deb/debian/asterisk@1:13.14.1~dfsg-2%2Bdeb9u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-1j6s-5929-jba5" }, { "vulnerability": "VCID-26cq-wj3k-fqb9" }, { "vulnerability": "VCID-285z-mgz1-q7cd" }, { "vulnerability": "VCID-2yhz-4z7q-v3bj" }, { "vulnerability": "VCID-3azv-xr5c-ckcf" }, { "vulnerability": "VCID-3nmd-gfnx-zycc" }, { "vulnerability": "VCID-41pk-9azt-hqdx" }, { "vulnerability": "VCID-4ty4-xrdd-2kee" }, { "vulnerability": "VCID-4y87-mgkp-kug6" }, { "vulnerability": "VCID-546z-qwur-13h1" }, { "vulnerability": "VCID-591f-657m-77d7" }, { "vulnerability": "VCID-5fnd-6j1g-v7dm" }, { "vulnerability": "VCID-5sjg-t3ja-57be" }, { "vulnerability": "VCID-62p4-jvnj-8kfc" }, { "vulnerability": "VCID-6443-b986-kfb6" }, { "vulnerability": "VCID-6be8-mh9n-abhd" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-7ah9-w27g-ckg6" }, { "vulnerability": "VCID-7p8w-juvq-9qbp" }, { "vulnerability": "VCID-82hr-cs3x-fqg9" }, { "vulnerability": "VCID-966j-625d-6fa9" }, { "vulnerability": "VCID-9wph-ucaa-byam" }, { "vulnerability": "VCID-a151-bk88-hfhq" }, { "vulnerability": "VCID-aas9-5n54-c7cn" }, { "vulnerability": "VCID-avkx-5as3-jbar" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-b6ga-bw58-sbcz" }, { "vulnerability": "VCID-bh6w-tmrd-w7eb" }, { "vulnerability": "VCID-bpvn-c1qp-6fdj" }, { "vulnerability": "VCID-csms-stcf-dkf4" }, { "vulnerability": "VCID-cx52-9j5c-bqbp" }, { "vulnerability": "VCID-d5bd-s7g5-fufn" }, { "vulnerability": "VCID-e4t6-kskm-qffn" }, { "vulnerability": "VCID-ej13-hta7-xfa9" }, { "vulnerability": "VCID-emwd-gd9k-mygd" }, { "vulnerability": "VCID-ew6x-wukn-wff1" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-js7f-w44p-rbgh" }, { "vulnerability": "VCID-k99k-99mz-8uc5" }, { "vulnerability": "VCID-m5j7-xrze-xqhb" }, { "vulnerability": "VCID-m6wj-knxg-5ybg" }, { "vulnerability": "VCID-marj-g3q8-3fdt" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mmg1-2mu6-tyey" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-mssd-d438-7yga" }, { "vulnerability": "VCID-nt4b-2zg8-gya2" }, { "vulnerability": "VCID-nuyk-gtnh-t3g2" }, { "vulnerability": "VCID-nvcm-fd6a-nkbg" }, { "vulnerability": "VCID-r429-bk4p-g3er" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-t3hz-688a-37g2" }, { "vulnerability": "VCID-tux5-7r7x-2kdf" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-uu3k-v1gc-x7f8" }, { "vulnerability": "VCID-vc4h-7284-2qeb" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-wcrz-h8xd-cbez" }, { "vulnerability": "VCID-x29s-dc4y-jyf5" }, { "vulnerability": "VCID-x9x1-xcqa-5qdw" }, { "vulnerability": "VCID-xb6q-6m1c-5yfj" }, { "vulnerability": "VCID-xtjr-uufd-wqc8" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" }, { "vulnerability": "VCID-xzgv-h1e1-2fhm" }, { "vulnerability": "VCID-year-eh79-qfc2" }, { "vulnerability": "VCID-yqr3-7hk1-zfad" }, { "vulnerability": "VCID-z7pf-n9uf-7ff3" }, { "vulnerability": "VCID-zbbe-qnd8-4yau" }, { "vulnerability": "VCID-zwsy-26a5-tudy" }, { "vulnerability": "VCID-zze4-ps2w-4qh9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.14.1~dfsg-2%252Bdeb9u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1079855?format=api", "purl": "pkg:deb/debian/asterisk@1:16.2.1~dfsg-1%2Bdeb10u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19pf-yqxu-4ua8" }, { "vulnerability": "VCID-26cq-wj3k-fqb9" }, { "vulnerability": "VCID-285z-mgz1-q7cd" }, { "vulnerability": "VCID-3azv-xr5c-ckcf" }, { "vulnerability": "VCID-41pk-9azt-hqdx" }, { "vulnerability": "VCID-4ty4-xrdd-2kee" }, { "vulnerability": "VCID-546z-qwur-13h1" }, { "vulnerability": "VCID-591f-657m-77d7" }, { "vulnerability": "VCID-5sjg-t3ja-57be" }, { "vulnerability": "VCID-62p4-jvnj-8kfc" }, { "vulnerability": "VCID-6443-b986-kfb6" }, { "vulnerability": "VCID-6be8-mh9n-abhd" }, { "vulnerability": "VCID-6uaq-9f5x-pyff" }, { "vulnerability": "VCID-7ah9-w27g-ckg6" }, { "vulnerability": "VCID-82hr-cs3x-fqg9" }, { "vulnerability": "VCID-966j-625d-6fa9" }, { "vulnerability": "VCID-a151-bk88-hfhq" }, { "vulnerability": "VCID-aas9-5n54-c7cn" }, { "vulnerability": "VCID-avkx-5as3-jbar" }, { "vulnerability": "VCID-b4uk-43sc-fbch" }, { "vulnerability": "VCID-b6ga-bw58-sbcz" }, { "vulnerability": "VCID-bh6w-tmrd-w7eb" }, { "vulnerability": "VCID-bpvn-c1qp-6fdj" }, { "vulnerability": "VCID-csms-stcf-dkf4" }, { "vulnerability": "VCID-d5bd-s7g5-fufn" }, { "vulnerability": "VCID-emwd-gd9k-mygd" }, { "vulnerability": "VCID-g5a4-b3bm-2ucb" }, { "vulnerability": "VCID-h8bb-7n23-cfak" }, { "vulnerability": "VCID-js7f-w44p-rbgh" }, { "vulnerability": "VCID-k99k-99mz-8uc5" }, { "vulnerability": "VCID-m6wj-knxg-5ybg" }, { "vulnerability": "VCID-marj-g3q8-3fdt" }, { "vulnerability": "VCID-mks4-6gne-xker" }, { "vulnerability": "VCID-mmg1-2mu6-tyey" }, { "vulnerability": "VCID-mspu-bd2w-7qdw" }, { "vulnerability": "VCID-mssd-d438-7yga" }, { "vulnerability": "VCID-nt4b-2zg8-gya2" }, { "vulnerability": "VCID-nuyk-gtnh-t3g2" }, { "vulnerability": "VCID-nvcm-fd6a-nkbg" }, { "vulnerability": "VCID-r429-bk4p-g3er" }, { "vulnerability": "VCID-rbr5-7fna-q3f6" }, { "vulnerability": "VCID-tux5-7r7x-2kdf" }, { "vulnerability": "VCID-u654-2myp-67e8" }, { "vulnerability": "VCID-uu3k-v1gc-x7f8" }, { "vulnerability": "VCID-vvt7-cetm-4ydt" }, { "vulnerability": "VCID-wcrz-h8xd-cbez" }, { "vulnerability": "VCID-x29s-dc4y-jyf5" }, { "vulnerability": "VCID-x9x1-xcqa-5qdw" }, { "vulnerability": "VCID-xb6q-6m1c-5yfj" }, { "vulnerability": "VCID-xtjr-uufd-wqc8" }, { "vulnerability": "VCID-xx9n-5x9g-9fdd" }, { "vulnerability": "VCID-xzgv-h1e1-2fhm" }, { "vulnerability": "VCID-year-eh79-qfc2" }, { "vulnerability": "VCID-yqr3-7hk1-zfad" }, { "vulnerability": "VCID-z7pf-n9uf-7ff3" }, { "vulnerability": "VCID-zbbe-qnd8-4yau" }, { "vulnerability": "VCID-zwsy-26a5-tudy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.2.1~dfsg-1%252Bdeb10u2" } ], "aliases": [ "CVE-2018-17281" ], "risk_score": 1.4, "exploitability": "2.0", "weighted_severity": "0.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zze4-ps2w-4qh9" } ], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.2.1~dfsg-1%252Bdeb10u2" }