Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/asterisk@1:1.2.11.dfsg-1?distro=sid

Type deb

Namespace debian

Name asterisk

Version 1:1.2.11.dfsg-1

Qualifiers

distro	sid

Subpath

Is_vulnerable false

Next_non_vulnerable_version 1:1.2.13~dfsg-1

Latest_non_vulnerable_version 1:22.9.0+dfsg+~cs6.16.60671434-1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-kmay-1p7g-t7f5

vulnerability_id VCID-kmay-1p7g-t7f5

summary Stack-based buffer overflow in channels/chan_mgcp.c in MGCP in Asterisk 1.0 through 1.2.10 allows remote attackers to execute arbitrary code via a crafted audit endpoint (AUEP) response.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2006-4345

reference_id

reference_type

scores

value	0.05153
scoring_system	epss
scoring_elements	0.90025
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2006-4345

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4345
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4345

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=385060
reference_id	385060
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=385060

reference_url	https://security.gentoo.org/glsa/200610-15
reference_id	GLSA-200610-15
reference_type
scores
url	https://security.gentoo.org/glsa/200610-15

fixed_packages

url	pkg:deb/debian/asterisk@1:1.2.11.dfsg-1?distro=sid
purl	pkg:deb/debian/asterisk@1:1.2.11.dfsg-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.2.11.dfsg-1%3Fdistro=sid

url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid

purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gh5j-yza2-v3fu

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid

url	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid

aliases CVE-2006-4345

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kmay-1p7g-t7f5

url VCID-wph3-agzg-1yea

vulnerability_id VCID-wph3-agzg-1yea

summary Asterisk 1.2.10 supports the use of client-controlled variables to determine filenames in the Record function, which allows remote attackers to (1) execute code via format string specifiers or (2) overwrite files via directory traversals involving unspecified vectors, as demonstrated by the CALLERIDNAME variable.