Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/asterisk@0?distro=sid

Type deb

Namespace debian

Name asterisk

Version 0

Qualifiers

distro	sid

Subpath

Is_vulnerable false

Next_non_vulnerable_version 0.5.0

Latest_non_vulnerable_version 1:22.9.0+dfsg+~cs6.16.60671434-1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-1bxe-fg62-qugd

vulnerability_id VCID-1bxe-fg62-qugd

summary The res_pjsip_pubsub module in Asterisk Open Source 12.x before 12.5.1 allows remote authenticated users to cause a denial of service (crash) via crafted headers in a SIP SUBSCRIBE request for an event package.

references

reference_url	http://downloads.asterisk.org/pub/security/AST-2014-009.html
reference_id
reference_type
scores
url	http://downloads.asterisk.org/pub/security/AST-2014-009.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-6609

reference_id

reference_type

scores

value	0.00795
scoring_system	epss
scoring_elements	0.74022
published_at	2026-04-18T12:55:00Z

value	0.00795
scoring_system	epss
scoring_elements	0.73921
published_at	2026-04-01T12:55:00Z

value	0.00795
scoring_system	epss
scoring_elements	0.73931
published_at	2026-04-02T12:55:00Z

value	0.00795
scoring_system	epss
scoring_elements	0.73956
published_at	2026-04-04T12:55:00Z

value	0.00795
scoring_system	epss
scoring_elements	0.73927
published_at	2026-04-07T12:55:00Z

value	0.00795
scoring_system	epss
scoring_elements	0.73961
published_at	2026-04-08T12:55:00Z

value	0.00795
scoring_system	epss
scoring_elements	0.73975
published_at	2026-04-09T12:55:00Z

value	0.00795
scoring_system	epss
scoring_elements	0.73999
published_at	2026-04-11T12:55:00Z

value	0.00795
scoring_system	epss
scoring_elements	0.73981
published_at	2026-04-12T12:55:00Z

value	0.00795
scoring_system	epss
scoring_elements	0.73972
published_at	2026-04-13T12:55:00Z

value	0.00795
scoring_system	epss
scoring_elements	0.74013
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-6609

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.0.0:::::::*
reference_id	cpe:2.3:a:digium:asterisk:12.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.1.0:::::::*
reference_id	cpe:2.3:a:digium:asterisk:12.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.1.0:rc1::::::
reference_id	cpe:2.3:a:digium:asterisk:12.1.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.1.0:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.1.0:rc2::::::
reference_id	cpe:2.3:a:digium:asterisk:12.1.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.1.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.1.0:rc3::::::
reference_id	cpe:2.3:a:digium:asterisk:12.1.0:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.1.0:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.2.0:::::::*
reference_id	cpe:2.3:a:digium:asterisk:12.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.2.0:rc1::::::
reference_id	cpe:2.3:a:digium:asterisk:12.2.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.2.0:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.2.0:rc2::::::
reference_id	cpe:2.3:a:digium:asterisk:12.2.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.2.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.2.0:rc3::::::
reference_id	cpe:2.3:a:digium:asterisk:12.2.0:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.2.0:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.3.0:::::::*
reference_id	cpe:2.3:a:digium:asterisk:12.3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.3.0:rc1::::::
reference_id	cpe:2.3:a:digium:asterisk:12.3.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.3.0:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.3.0:rc2::::::
reference_id	cpe:2.3:a:digium:asterisk:12.3.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.3.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.4.0:::::::*
reference_id	cpe:2.3:a:digium:asterisk:12.4.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.4.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.4.0:rc1::::::
reference_id	cpe:2.3:a:digium:asterisk:12.4.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.4.0:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.5.0:::::::*
reference_id	cpe:2.3:a:digium:asterisk:12.5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.5.0:rc1::::::
reference_id	cpe:2.3:a:digium:asterisk:12.5.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.5.0:rc1::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-6609

reference_id

CVE-2014-6609

reference_type

scores

value	4.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:N/I:N/A:P

url

https://nvd.nist.gov/vuln/detail/CVE-2014-6609

fixed_packages

url	pkg:deb/debian/asterisk@0?distro=sid
purl	pkg:deb/debian/asterisk@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid

url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid

purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-r54j-ydjm-4uca

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid

url	pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid
purl	pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1%3Fdistro=sid

url	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid

aliases CVE-2014-6609

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1bxe-fg62-qugd

url VCID-1t3u-22gq-qucr

vulnerability_id VCID-1t3u-22gq-qucr

summary Asterisk is an open source private branch exchange and telephony toolkit. After upgrade to 18.23.0, ALL unauthorized SIP requests are identified as PJSIP Endpoint of local asterisk server. This vulnerability is fixed in 18.23.1, 20.8.1, and 21.3.1.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-35190

reference_id

reference_type

scores

value	0.00332
scoring_system	epss
scoring_elements	0.56117
published_at	2026-04-18T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.56074
published_at	2026-04-04T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.56053
published_at	2026-04-07T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.56104
published_at	2026-04-08T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.56109
published_at	2026-04-09T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.5612
published_at	2026-04-11T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.56097
published_at	2026-04-12T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.5608
published_at	2026-04-13T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.56115
published_at	2026-04-16T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.56054
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-35190

reference_url

https://github.com/asterisk/asterisk/pull/600

reference_id

600

reference_type

scores

value	5.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-17T19:33:53Z/

url

https://github.com/asterisk/asterisk/pull/600

reference_url

https://github.com/asterisk/asterisk/pull/602

reference_id

602

reference_type

scores

value	5.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-17T19:33:53Z/

url

https://github.com/asterisk/asterisk/pull/602

reference_url

https://github.com/asterisk/asterisk/commit/85241bd22936cc15760fd1f65d16c98be7aeaf6d

reference_id

85241bd22936cc15760fd1f65d16c98be7aeaf6d

reference_type

scores

value	5.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-17T19:33:53Z/

url

https://github.com/asterisk/asterisk/commit/85241bd22936cc15760fd1f65d16c98be7aeaf6d

reference_url

https://github.com/asterisk/asterisk/security/advisories/GHSA-qqxj-v78h-hrf9

reference_id

GHSA-qqxj-v78h-hrf9

reference_type

scores

value	5.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-17T19:33:53Z/

url

https://github.com/asterisk/asterisk/security/advisories/GHSA-qqxj-v78h-hrf9

fixed_packages

url	pkg:deb/debian/asterisk@0?distro=sid
purl	pkg:deb/debian/asterisk@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid

url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid

purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-r54j-ydjm-4uca

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid

url	pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid
purl	pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1%3Fdistro=sid

url	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid

aliases CVE-2024-35190

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1t3u-22gq-qucr

url VCID-2xc3-aqh8-cubn

vulnerability_id VCID-2xc3-aqh8-cubn

summary main/translate.c in Sangoma Asterisk 13.28.0 and 16.5.0 allows a remote attacker to send a specific RTP packet during a call and cause a crash in a specific scenario.

references

reference_url	http://downloads.asterisk.org/pub/security/AST-2019-005.html
reference_id
reference_type
scores
url	http://downloads.asterisk.org/pub/security/AST-2019-005.html

reference_url	http://packetstormsecurity.com/files/154372/Asterisk-Project-Security-Advisory-AST-2019-005.html
reference_id
reference_type
scores
url	http://packetstormsecurity.com/files/154372/Asterisk-Project-Security-Advisory-AST-2019-005.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-15639

reference_id

reference_type

scores

value	0.088
scoring_system	epss
scoring_elements	0.92535
published_at	2026-04-18T12:55:00Z

value	0.088
scoring_system	epss
scoring_elements	0.92526
published_at	2026-04-12T12:55:00Z

value	0.088
scoring_system	epss
scoring_elements	0.92484
published_at	2026-04-01T12:55:00Z

value	0.088
scoring_system	epss
scoring_elements	0.9249
published_at	2026-04-02T12:55:00Z

value	0.088
scoring_system	epss
scoring_elements	0.92499
published_at	2026-04-04T12:55:00Z

value	0.088
scoring_system	epss
scoring_elements	0.92502
published_at	2026-04-07T12:55:00Z

value	0.088
scoring_system	epss
scoring_elements	0.92513
published_at	2026-04-08T12:55:00Z

value	0.088
scoring_system	epss
scoring_elements	0.92518
published_at	2026-04-09T12:55:00Z

value	0.088
scoring_system	epss
scoring_elements	0.92524
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-15639

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk::::::::
reference_id	cpe:2.3:a:digium:asterisk::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-15639

reference_id

CVE-2019-15639

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2019-15639

fixed_packages

url	pkg:deb/debian/asterisk@0?distro=sid
purl	pkg:deb/debian/asterisk@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid

url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid

purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-r54j-ydjm-4uca

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid

url	pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid
purl	pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1%3Fdistro=sid

url	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid

aliases CVE-2019-15639

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2xc3-aqh8-cubn

url VCID-3r26-8d9e-aqdm

vulnerability_id VCID-3r26-8d9e-aqdm

summary asterisk: remote crash in SIP channel driver (AST-2009-002)

references

reference_url	http://bugs.digium.com/view.php?id=13547
reference_id
reference_type
scores
url	http://bugs.digium.com/view.php?id=13547

reference_url	http://bugs.digium.com/view.php?id=14417
reference_id
reference_type
scores
url	http://bugs.digium.com/view.php?id=14417

reference_url	http://downloads.digium.com/pub/security/AST-2009-002.html
reference_id
reference_type
scores
url	http://downloads.digium.com/pub/security/AST-2009-002.html

reference_url	http://osvdb.org/52568
reference_id
reference_type
scores
url	http://osvdb.org/52568

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0871.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0871.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2009-0871

reference_id

reference_type

scores

value	0.02947
scoring_system	epss
scoring_elements	0.86469
published_at	2026-04-18T12:55:00Z

value	0.02947
scoring_system	epss
scoring_elements	0.86382
published_at	2026-04-01T12:55:00Z

value	0.02947
scoring_system	epss
scoring_elements	0.86393
published_at	2026-04-02T12:55:00Z

value	0.02947
scoring_system	epss
scoring_elements	0.8641
published_at	2026-04-04T12:55:00Z

value	0.02947
scoring_system	epss
scoring_elements	0.86412
published_at	2026-04-07T12:55:00Z

value	0.02947
scoring_system	epss
scoring_elements	0.8643
published_at	2026-04-08T12:55:00Z

value	0.02947
scoring_system	epss
scoring_elements	0.8644
published_at	2026-04-09T12:55:00Z

value	0.02947
scoring_system	epss
scoring_elements	0.86454
published_at	2026-04-11T12:55:00Z

value	0.02947
scoring_system	epss
scoring_elements	0.86453
published_at	2026-04-12T12:55:00Z

value	0.02947
scoring_system	epss
scoring_elements	0.86448
published_at	2026-04-13T12:55:00Z

value	0.02947
scoring_system	epss
scoring_elements	0.86464
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2009-0871

reference_url	http://secunia.com/advisories/34229
reference_id
reference_type
scores
url	http://secunia.com/advisories/34229

reference_url	http://www.securityfocus.com/archive/1/501656/100/0/threaded
reference_id
reference_type
scores
url	http://www.securityfocus.com/archive/1/501656/100/0/threaded

reference_url	http://www.securityfocus.com/bid/34070
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/34070

reference_url	http://www.securitytracker.com/id?1021834
reference_id
reference_type
scores
url	http://www.securitytracker.com/id?1021834

reference_url	http://www.vupen.com/english/advisories/2009/0667
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2009/0667

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=489725
reference_id	489725
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=489725

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.4.22:::::::*
reference_id	cpe:2.3:a:digium:asterisk:1.4.22:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.4.22:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.4.23:::::::*
reference_id	cpe:2.3:a:digium:asterisk:1.4.23:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.4.23:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.4.23.1:::::::*
reference_id	cpe:2.3:a:digium:asterisk:1.4.23.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.4.23.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0:::::::*
reference_id	cpe:2.3:a:digium:asterisk:1.6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0.1:::::::*
reference_id	cpe:2.3:a:digium:asterisk:1.6.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0.2:::::::*
reference_id	cpe:2.3:a:digium:asterisk:1.6.0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0.3:::::::*
reference_id	cpe:2.3:a:digium:asterisk:1.6.0.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0.3:rc1::::::
reference_id	cpe:2.3:a:digium:asterisk:1.6.0.3:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0.3:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0.4:rc1::::::
reference_id	cpe:2.3:a:digium:asterisk:1.6.0.4:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0.4:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0.5:::::::*
reference_id	cpe:2.3:a:digium:asterisk:1.6.0.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0:beta1::::::
reference_id	cpe:2.3:a:digium:asterisk:1.6.0:beta1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0:beta1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0:beta2::::::
reference_id	cpe:2.3:a:digium:asterisk:1.6.0:beta2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0:beta2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0:beta3::::::
reference_id	cpe:2.3:a:digium:asterisk:1.6.0:beta3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0:beta3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0:beta4::::::
reference_id	cpe:2.3:a:digium:asterisk:1.6.0:beta4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0:beta4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0:beta5::::::
reference_id	cpe:2.3:a:digium:asterisk:1.6.0:beta5::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0:beta5::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0:beta6::::::
reference_id	cpe:2.3:a:digium:asterisk:1.6.0:beta6::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0:beta6::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0:beta7::::::
reference_id	cpe:2.3:a:digium:asterisk:1.6.0:beta7::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0:beta7::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0:beta7.1::::::
reference_id	cpe:2.3:a:digium:asterisk:1.6.0:beta7.1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0:beta7.1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0:beta8::::::
reference_id	cpe:2.3:a:digium:asterisk:1.6.0:beta8::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0:beta8::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0:beta9::::::
reference_id	cpe:2.3:a:digium:asterisk:1.6.0:beta9::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0:beta9::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0:rc4::::::
reference_id	cpe:2.3:a:digium:asterisk:1.6.0:rc4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0:rc4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0:rc5::::::
reference_id	cpe:2.3:a:digium:asterisk:1.6.0:rc5::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0:rc5::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0:rc6::::::
reference_id	cpe:2.3:a:digium:asterisk:1.6.0:rc6::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0:rc6::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.1:::::::*
reference_id	cpe:2.3:a:digium:asterisk:1.6.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.1:beta1::::::
reference_id	cpe:2.3:a:digium:asterisk:1.6.1:beta1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.1:beta1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.1:beta2::::::
reference_id	cpe:2.3:a:digium:asterisk:1.6.1:beta2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.1:beta2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.1:beta3::::::
reference_id	cpe:2.3:a:digium:asterisk:1.6.1:beta3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.1:beta3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.1:beta4::::::
reference_id	cpe:2.3:a:digium:asterisk:1.6.1:beta4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.1:beta4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.1:rc1::::::
reference_id	cpe:2.3:a:digium:asterisk:1.6.1:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.1:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:c.2.3:-:business:::::*
reference_id	cpe:2.3:a:digium:asterisk:c.2.3:-:business:::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:c.2.3:-:business:::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2009-0871

reference_id

CVE-2009-0871

reference_type

scores

value	3.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:S/C:N/I:N/A:P

url

https://nvd.nist.gov/vuln/detail/CVE-2009-0871

fixed_packages

url	pkg:deb/debian/asterisk@0?distro=sid
purl	pkg:deb/debian/asterisk@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid

url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid

purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-r54j-ydjm-4uca

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid

url	pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid
purl	pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1%3Fdistro=sid

url	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid

aliases CVE-2009-0871

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3r26-8d9e-aqdm

url VCID-4658-u85z-zqhh

vulnerability_id VCID-4658-u85z-zqhh

summary The Publish/Subscribe Framework in the PJSIP channel driver in Asterisk Open Source 12.x before 12.3.1, when sub_min_expiry is set to zero, allows remote attackers to cause a denial of service (assertion failure and crash) via an unsubscribe request when not subscribed to the device.

references

reference_url	http://downloads.asterisk.org/pub/security/AST-2014-005.html
reference_id
reference_type
scores
url	http://downloads.asterisk.org/pub/security/AST-2014-005.html

reference_url	http://packetstormsecurity.com/files/127087/Asterisk-Project-Security-Advisory-AST-2014-005.html
reference_id
reference_type
scores
url	http://packetstormsecurity.com/files/127087/Asterisk-Project-Security-Advisory-AST-2014-005.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-4045

reference_id

reference_type

scores

value	0.01754
scoring_system	epss
scoring_elements	0.8261
published_at	2026-04-18T12:55:00Z

value	0.01754
scoring_system	epss
scoring_elements	0.82507
published_at	2026-04-01T12:55:00Z

value	0.01754
scoring_system	epss
scoring_elements	0.82522
published_at	2026-04-02T12:55:00Z

value	0.01754
scoring_system	epss
scoring_elements	0.82537
published_at	2026-04-04T12:55:00Z

value	0.01754
scoring_system	epss
scoring_elements	0.82533
published_at	2026-04-07T12:55:00Z

value	0.01754
scoring_system	epss
scoring_elements	0.82559
published_at	2026-04-08T12:55:00Z

value	0.01754
scoring_system	epss
scoring_elements	0.82567
published_at	2026-04-09T12:55:00Z

value	0.01754
scoring_system	epss
scoring_elements	0.82586
published_at	2026-04-11T12:55:00Z

value	0.01754
scoring_system	epss
scoring_elements	0.82579
published_at	2026-04-12T12:55:00Z

value	0.01754
scoring_system	epss
scoring_elements	0.82573
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-4045

reference_url	http://www.securityfocus.com/archive/1/532414/100/0/threaded
reference_id
reference_type
scores
url	http://www.securityfocus.com/archive/1/532414/100/0/threaded

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.0.0:::::::*
reference_id	cpe:2.3:a:digium:asterisk:12.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.1.0:-::::::
reference_id	cpe:2.3:a:digium:asterisk:12.1.0:-::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.1.0:-::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.1.0:rc1::::::
reference_id	cpe:2.3:a:digium:asterisk:12.1.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.1.0:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.1.0:rc2::::::
reference_id	cpe:2.3:a:digium:asterisk:12.1.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.1.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.1.0:rc3::::::
reference_id	cpe:2.3:a:digium:asterisk:12.1.0:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.1.0:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.1.1:::::::*
reference_id	cpe:2.3:a:digium:asterisk:12.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.2.0:::::::*
reference_id	cpe:2.3:a:digium:asterisk:12.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.2.0:rc1::::::
reference_id	cpe:2.3:a:digium:asterisk:12.2.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.2.0:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.2.0:rc2::::::
reference_id	cpe:2.3:a:digium:asterisk:12.2.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.2.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.2.0:rc3::::::
reference_id	cpe:2.3:a:digium:asterisk:12.2.0:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.2.0:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.3.0:::::::*
reference_id	cpe:2.3:a:digium:asterisk:12.3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.3.0:rc1::::::
reference_id	cpe:2.3:a:digium:asterisk:12.3.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.3.0:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.3.0:rc2::::::
reference_id	cpe:2.3:a:digium:asterisk:12.3.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.3.0:rc2::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-4045

reference_id

CVE-2014-4045

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

url

https://nvd.nist.gov/vuln/detail/CVE-2014-4045

fixed_packages

url	pkg:deb/debian/asterisk@0?distro=sid
purl	pkg:deb/debian/asterisk@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid

url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid

purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-r54j-ydjm-4uca

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid

url	pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid
purl	pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1%3Fdistro=sid

url	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid

aliases CVE-2014-4045

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4658-u85z-zqhh

url VCID-81tr-5yzn-m7ap

vulnerability_id VCID-81tr-5yzn-m7ap

summary chan_skinny.c in the Skinny (aka SCCP) channel driver in Asterisk Open Source 10.x before 10.5.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by sending a Station Key Pad Button message and closing a connection in off-hook mode, a related issue to CVE-2012-2948.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-3553

reference_id

reference_type

scores

value	0.00069
scoring_system	epss
scoring_elements	0.21098
published_at	2026-04-01T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.2125
published_at	2026-04-02T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.21303
published_at	2026-04-04T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.21056
published_at	2026-04-07T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.21136
published_at	2026-04-08T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.21197
published_at	2026-04-09T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.21208
published_at	2026-04-11T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.21165
published_at	2026-04-12T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.21114
published_at	2026-04-13T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.21106
published_at	2026-04-16T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.21117
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-3553

fixed_packages

url	pkg:deb/debian/asterisk@0?distro=sid
purl	pkg:deb/debian/asterisk@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid

url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid

purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-r54j-ydjm-4uca

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid

url	pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid
purl	pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1%3Fdistro=sid

url	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid

aliases CVE-2012-3553

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-81tr-5yzn-m7ap

url VCID-a4na-u27r-sfc5

vulnerability_id VCID-a4na-u27r-sfc5

summary The PJSIP Channel Driver in Asterisk Open Source before 12.3.1 allows remote attackers to cause a denial of service (deadlock) by terminating a subscription request before it is complete, which triggers a SIP transaction timeout.

references

reference_url	http://downloads.asterisk.org/pub/security/AST-2014-008.html
reference_id
reference_type
scores
url	http://downloads.asterisk.org/pub/security/AST-2014-008.html

reference_url	http://packetstormsecurity.com/files/127090/Asterisk-Project-Security-Advisory-AST-2014-008.html
reference_id
reference_type
scores
url	http://packetstormsecurity.com/files/127090/Asterisk-Project-Security-Advisory-AST-2014-008.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-4048

reference_id

reference_type

scores

value	0.01637
scoring_system	epss
scoring_elements	0.81961
published_at	2026-04-18T12:55:00Z

value	0.01637
scoring_system	epss
scoring_elements	0.8186
published_at	2026-04-01T12:55:00Z

value	0.01637
scoring_system	epss
scoring_elements	0.81871
published_at	2026-04-02T12:55:00Z

value	0.01637
scoring_system	epss
scoring_elements	0.81894
published_at	2026-04-04T12:55:00Z

value	0.01637
scoring_system	epss
scoring_elements	0.8189
published_at	2026-04-07T12:55:00Z

value	0.01637
scoring_system	epss
scoring_elements	0.81917
published_at	2026-04-08T12:55:00Z

value	0.01637
scoring_system	epss
scoring_elements	0.81923
published_at	2026-04-09T12:55:00Z

value	0.01637
scoring_system	epss
scoring_elements	0.81943
published_at	2026-04-11T12:55:00Z

value	0.01637
scoring_system	epss
scoring_elements	0.81931
published_at	2026-04-12T12:55:00Z

value	0.01637
scoring_system	epss
scoring_elements	0.81926
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-4048

reference_url	http://www.securityfocus.com/archive/1/532416/100/0/threaded
reference_id
reference_type
scores
url	http://www.securityfocus.com/archive/1/532416/100/0/threaded

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk::::::::
reference_id	cpe:2.3:a:digium:asterisk::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.0.0:::::::*
reference_id	cpe:2.3:a:digium:asterisk:12.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.1.0:-::::::
reference_id	cpe:2.3:a:digium:asterisk:12.1.0:-::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.1.0:-::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.1.0:rc1::::::
reference_id	cpe:2.3:a:digium:asterisk:12.1.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.1.0:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.1.0:rc2::::::
reference_id	cpe:2.3:a:digium:asterisk:12.1.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.1.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.1.0:rc3::::::
reference_id	cpe:2.3:a:digium:asterisk:12.1.0:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.1.0:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.1.1:::::::*
reference_id	cpe:2.3:a:digium:asterisk:12.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.2.0:::::::*
reference_id	cpe:2.3:a:digium:asterisk:12.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.2.0:rc1::::::
reference_id	cpe:2.3:a:digium:asterisk:12.2.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.2.0:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.2.0:rc2::::::
reference_id	cpe:2.3:a:digium:asterisk:12.2.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.2.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.2.0:rc3::::::
reference_id	cpe:2.3:a:digium:asterisk:12.2.0:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.2.0:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.3.0:rc1::::::
reference_id	cpe:2.3:a:digium:asterisk:12.3.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.3.0:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.3.0:rc2::::::
reference_id	cpe:2.3:a:digium:asterisk:12.3.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.3.0:rc2::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-4048

reference_id

CVE-2014-4048

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

url

https://nvd.nist.gov/vuln/detail/CVE-2014-4048

fixed_packages

url	pkg:deb/debian/asterisk@0?distro=sid
purl	pkg:deb/debian/asterisk@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid

url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid

purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-r54j-ydjm-4uca

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid

url	pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid
purl	pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1%3Fdistro=sid

url	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid

aliases CVE-2014-4048

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a4na-u27r-sfc5

url VCID-agez-w3xn-63bt

vulnerability_id VCID-agez-w3xn-63bt

summary

Multiple buffer overflows in Asterisk might allow remote attackers
    to cause a Denial of Service condition.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-2288

reference_id

reference_type

scores

value	0.07478
scoring_system	epss
scoring_elements	0.91742
published_at	2026-04-01T12:55:00Z

value	0.07478
scoring_system	epss
scoring_elements	0.9175
published_at	2026-04-02T12:55:00Z

value	0.07478
scoring_system	epss
scoring_elements	0.91756
published_at	2026-04-04T12:55:00Z

value	0.07478
scoring_system	epss
scoring_elements	0.91764
published_at	2026-04-07T12:55:00Z

value	0.07478
scoring_system	epss
scoring_elements	0.91776
published_at	2026-04-08T12:55:00Z

value	0.07478
scoring_system	epss
scoring_elements	0.91783
published_at	2026-04-09T12:55:00Z

value	0.07478
scoring_system	epss
scoring_elements	0.91786
published_at	2026-04-11T12:55:00Z

value	0.07478
scoring_system	epss
scoring_elements	0.91788
published_at	2026-04-12T12:55:00Z

value	0.07478
scoring_system	epss
scoring_elements	0.91784
published_at	2026-04-13T12:55:00Z

value	0.07478
scoring_system	epss
scoring_elements	0.91804
published_at	2026-04-16T12:55:00Z

value	0.07478
scoring_system	epss
scoring_elements	0.91796
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-2288

reference_url	https://security.gentoo.org/glsa/201405-05
reference_id	GLSA-201405-05
reference_type
scores
url	https://security.gentoo.org/glsa/201405-05

fixed_packages

url	pkg:deb/debian/asterisk@0?distro=sid
purl	pkg:deb/debian/asterisk@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid

url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid

purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-r54j-ydjm-4uca

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid

url	pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid
purl	pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1%3Fdistro=sid

url	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid

aliases CVE-2014-2288

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-agez-w3xn-63bt

url VCID-an47-cxfn-77e8

vulnerability_id VCID-an47-cxfn-77e8

summary

Multiple vulnerabilities have been found in Asterisk, the worst of
    which may allow execution of arbitrary code.

references

reference_url	http://downloads.asterisk.org/pub/security/AST-2013-001.html
reference_id
reference_type
scores
url	http://downloads.asterisk.org/pub/security/AST-2013-001.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-2685

reference_id

reference_type

scores

value	0.08932
scoring_system	epss
scoring_elements	0.926
published_at	2026-04-18T12:55:00Z

value	0.08932
scoring_system	epss
scoring_elements	0.92551
published_at	2026-04-01T12:55:00Z

value	0.08932
scoring_system	epss
scoring_elements	0.92557
published_at	2026-04-02T12:55:00Z

value	0.08932
scoring_system	epss
scoring_elements	0.92564
published_at	2026-04-04T12:55:00Z

value	0.08932
scoring_system	epss
scoring_elements	0.92566
published_at	2026-04-07T12:55:00Z

value	0.08932
scoring_system	epss
scoring_elements	0.92577
published_at	2026-04-08T12:55:00Z

value	0.08932
scoring_system	epss
scoring_elements	0.92582
published_at	2026-04-09T12:55:00Z

value	0.08932
scoring_system	epss
scoring_elements	0.92588
published_at	2026-04-12T12:55:00Z

value	0.08932
scoring_system	epss
scoring_elements	0.92587
published_at	2026-04-13T12:55:00Z

value	0.08932
scoring_system	epss
scoring_elements	0.92601
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-2685

reference_url	https://issues.asterisk.org/jira/browse/ASTERISK-20901
reference_id
reference_type
scores
url	https://issues.asterisk.org/jira/browse/ASTERISK-20901

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:open_source:11.0.0:::::::*
reference_id	cpe:2.3:a:asterisk:open_source:11.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:open_source:11.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:open_source:11.0.0:beta1::::::
reference_id	cpe:2.3:a:asterisk:open_source:11.0.0:beta1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:open_source:11.0.0:beta1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:open_source:11.0.0:beta2::::::
reference_id	cpe:2.3:a:asterisk:open_source:11.0.0:beta2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:open_source:11.0.0:beta2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:open_source:11.0.0:rc1::::::
reference_id	cpe:2.3:a:asterisk:open_source:11.0.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:open_source:11.0.0:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:open_source:11.0.0:rc2::::::
reference_id	cpe:2.3:a:asterisk:open_source:11.0.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:open_source:11.0.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:open_source:11.0.1:::::::*
reference_id	cpe:2.3:a:asterisk:open_source:11.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:open_source:11.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:open_source:11.0.2:::::::*
reference_id	cpe:2.3:a:asterisk:open_source:11.0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:open_source:11.0.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:open_source:11.1.0:::::::*
reference_id	cpe:2.3:a:asterisk:open_source:11.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:open_source:11.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:open_source:11.1.0:rc1::::::
reference_id	cpe:2.3:a:asterisk:open_source:11.1.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:open_source:11.1.0:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:open_source:11.1.0:rc3::::::
reference_id	cpe:2.3:a:asterisk:open_source:11.1.0:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:open_source:11.1.0:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:open_source:11.1.1:::::::*
reference_id	cpe:2.3:a:asterisk:open_source:11.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:open_source:11.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:open_source:11.1.2:::::::*
reference_id	cpe:2.3:a:asterisk:open_source:11.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:open_source:11.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:open_source:11.2.0:::::::*
reference_id	cpe:2.3:a:asterisk:open_source:11.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:open_source:11.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:open_source:11.2.0:rc1::::::
reference_id	cpe:2.3:a:asterisk:open_source:11.2.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:open_source:11.2.0:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:open_source:11.2.0:rc2::::::
reference_id	cpe:2.3:a:asterisk:open_source:11.2.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:open_source:11.2.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:open_source:11.2.1:::::::*
reference_id	cpe:2.3:a:asterisk:open_source:11.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:open_source:11.2.1:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-2685

reference_id

CVE-2013-2685

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

url

https://nvd.nist.gov/vuln/detail/CVE-2013-2685

reference_url	https://security.gentoo.org/glsa/201401-15
reference_id	GLSA-201401-15
reference_type
scores
url	https://security.gentoo.org/glsa/201401-15

fixed_packages

url	pkg:deb/debian/asterisk@0?distro=sid
purl	pkg:deb/debian/asterisk@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid

url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid

purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-r54j-ydjm-4uca

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid

url	pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid
purl	pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1%3Fdistro=sid

url	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid

aliases CVE-2013-2685

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-an47-cxfn-77e8

url VCID-ge7t-fqyp-vyhz

vulnerability_id VCID-ge7t-fqyp-vyhz

summary Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-26713

reference_id

reference_type

scores

value	0.00212
scoring_system	epss
scoring_elements	0.43675
published_at	2026-04-01T12:55:00Z

value	0.00212
scoring_system	epss
scoring_elements	0.43731
published_at	2026-04-02T12:55:00Z

value	0.00212
scoring_system	epss
scoring_elements	0.43756
published_at	2026-04-04T12:55:00Z

value	0.00212
scoring_system	epss
scoring_elements	0.43689
published_at	2026-04-07T12:55:00Z

value	0.00212
scoring_system	epss
scoring_elements	0.4374
published_at	2026-04-08T12:55:00Z

value	0.00212
scoring_system	epss
scoring_elements	0.43743
published_at	2026-04-09T12:55:00Z

value	0.00212
scoring_system	epss
scoring_elements	0.43763
published_at	2026-04-11T12:55:00Z

value	0.00212
scoring_system	epss
scoring_elements	0.4373
published_at	2026-04-12T12:55:00Z

value	0.00212
scoring_system	epss
scoring_elements	0.43714
published_at	2026-04-13T12:55:00Z

value	0.00212
scoring_system	epss
scoring_elements	0.43775
published_at	2026-04-16T12:55:00Z

value	0.00212
scoring_system	epss
scoring_elements	0.43767
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-26713

reference_url	https://security.gentoo.org/glsa/202412-03
reference_id	GLSA-202412-03
reference_type
scores
url	https://security.gentoo.org/glsa/202412-03

fixed_packages

url	pkg:deb/debian/asterisk@0?distro=sid
purl	pkg:deb/debian/asterisk@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid

url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid

purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-r54j-ydjm-4uca

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid

url	pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid
purl	pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1%3Fdistro=sid

url	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid

aliases CVE-2021-26713

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ge7t-fqyp-vyhz

url VCID-jez3-sw2r-r3d6

vulnerability_id VCID-jez3-sw2r-r3d6

summary An issue was discovered in Asterisk Open Source 13.12.x and 13.13.x before 13.13.1 and 14.x before 14.2.1. If an SDP offer or answer is received with the Opus codec and with the format parameters separated using a space the code responsible for parsing will recursively call itself until it crashes. This occurs as the code does not properly handle spaces separating the parameters. This does NOT require the endpoint to have Opus configured in Asterisk. This also does not require the endpoint to be authenticated. If guest is enabled for chan_sip or anonymous in chan_pjsip an SDP offer or answer is still processed and the crash occurs.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-9937

reference_id

reference_type

scores

value	0.00343
scoring_system	epss
scoring_elements	0.56846
published_at	2026-04-01T12:55:00Z

value	0.00343
scoring_system	epss
scoring_elements	0.56941
published_at	2026-04-02T12:55:00Z

value	0.00343
scoring_system	epss
scoring_elements	0.56963
published_at	2026-04-04T12:55:00Z

value	0.00343
scoring_system	epss
scoring_elements	0.56939
published_at	2026-04-07T12:55:00Z

value	0.00343
scoring_system	epss
scoring_elements	0.5699
published_at	2026-04-08T12:55:00Z

value	0.00343
scoring_system	epss
scoring_elements	0.56993
published_at	2026-04-09T12:55:00Z

value	0.00343
scoring_system	epss
scoring_elements	0.57
published_at	2026-04-11T12:55:00Z

value	0.00343
scoring_system	epss
scoring_elements	0.5698
published_at	2026-04-12T12:55:00Z

value	0.00343
scoring_system	epss
scoring_elements	0.56956
published_at	2026-04-13T12:55:00Z

value	0.00343
scoring_system	epss
scoring_elements	0.56985
published_at	2026-04-16T12:55:00Z

value	0.00343
scoring_system	epss
scoring_elements	0.56982
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-9937

fixed_packages

url	pkg:deb/debian/asterisk@0?distro=sid
purl	pkg:deb/debian/asterisk@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid

url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid

purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-r54j-ydjm-4uca

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid

url	pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid
purl	pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1%3Fdistro=sid

url	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid

aliases CVE-2016-9937

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jez3-sw2r-r3d6

url VCID-mmng-tcuj-wkhu

vulnerability_id VCID-mmng-tcuj-wkhu

summary An issue was discovered in Asterisk Open Source 15.x before 15.4.1. When connected to Asterisk via TCP/TLS, if the client abruptly disconnects, or sends a specially crafted message, then Asterisk gets caught in an infinite loop while trying to read the data stream. This renders the system unusable.

references

reference_url	http://downloads.asterisk.org/pub/security/AST-2018-007.html
reference_id
reference_type
scores
url	http://downloads.asterisk.org/pub/security/AST-2018-007.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-12228

reference_id

reference_type

scores

value	0.00422
scoring_system	epss
scoring_elements	0.62135
published_at	2026-04-18T12:55:00Z

value	0.00422
scoring_system	epss
scoring_elements	0.62129
published_at	2026-04-16T12:55:00Z

value	0.00422
scoring_system	epss
scoring_elements	0.61958
published_at	2026-04-01T12:55:00Z

value	0.00422
scoring_system	epss
scoring_elements	0.62029
published_at	2026-04-02T12:55:00Z

value	0.00422
scoring_system	epss
scoring_elements	0.6206
published_at	2026-04-04T12:55:00Z

value	0.00422
scoring_system	epss
scoring_elements	0.6203
published_at	2026-04-07T12:55:00Z

value	0.00422
scoring_system	epss
scoring_elements	0.6208
published_at	2026-04-08T12:55:00Z

value	0.00422
scoring_system	epss
scoring_elements	0.62097
published_at	2026-04-09T12:55:00Z

value	0.00422
scoring_system	epss
scoring_elements	0.62117
published_at	2026-04-11T12:55:00Z

value	0.00422
scoring_system	epss
scoring_elements	0.62106
published_at	2026-04-12T12:55:00Z

value	0.00422
scoring_system	epss
scoring_elements	0.62085
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-12228

reference_url	https://issues.asterisk.org/jira/browse/ASTERISK-27807
reference_id
reference_type
scores
url	https://issues.asterisk.org/jira/browse/ASTERISK-27807

reference_url	http://www.securityfocus.com/bid/104457
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/104457

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sangoma:asterisk::::::::
reference_id	cpe:2.3:a:sangoma:asterisk::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sangoma:asterisk::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-12228

reference_id

CVE-2018-12228

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:N/I:N/A:C

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-12228

fixed_packages

url	pkg:deb/debian/asterisk@0?distro=sid
purl	pkg:deb/debian/asterisk@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid

url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid

purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-r54j-ydjm-4uca

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid

url	pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid
purl	pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1%3Fdistro=sid

url	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid

aliases CVE-2018-12228

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mmng-tcuj-wkhu

url VCID-pjwr-x9hp-g7dk

vulnerability_id VCID-pjwr-x9hp-g7dk

summary Asterisk Open Source 1.4.5 through 1.4.11, when configured to use an IMAP voicemail storage backend, allows remote attackers to cause a denial of service via an e-mail with an "invalid/corrupted" MIME body, which triggers a crash when the recipient listens to voicemail.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2007-4521

reference_id

reference_type

scores

value	0.02417
scoring_system	epss
scoring_elements	0.85042
published_at	2026-04-01T12:55:00Z

value	0.02417
scoring_system	epss
scoring_elements	0.85055
published_at	2026-04-02T12:55:00Z

value	0.02417
scoring_system	epss
scoring_elements	0.85072
published_at	2026-04-04T12:55:00Z

value	0.02417
scoring_system	epss
scoring_elements	0.85076
published_at	2026-04-07T12:55:00Z

value	0.02417
scoring_system	epss
scoring_elements	0.85098
published_at	2026-04-08T12:55:00Z

value	0.02417
scoring_system	epss
scoring_elements	0.85105
published_at	2026-04-09T12:55:00Z

value	0.02417
scoring_system	epss
scoring_elements	0.8512
published_at	2026-04-11T12:55:00Z

value	0.02417
scoring_system	epss
scoring_elements	0.85118
published_at	2026-04-12T12:55:00Z

value	0.02417
scoring_system	epss
scoring_elements	0.85115
published_at	2026-04-13T12:55:00Z

value	0.02514
scoring_system	epss
scoring_elements	0.8542
published_at	2026-04-16T12:55:00Z

value	0.02514
scoring_system	epss
scoring_elements	0.85421
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2007-4521

fixed_packages

url	pkg:deb/debian/asterisk@0?distro=sid
purl	pkg:deb/debian/asterisk@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid

url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid

purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-r54j-ydjm-4uca

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid

url	pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid
purl	pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1%3Fdistro=sid

url	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid

aliases CVE-2007-4521

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pjwr-x9hp-g7dk

url VCID-q3py-mykt-4kax

vulnerability_id VCID-q3py-mykt-4kax

summary Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to arbitrary code execution.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-49832

reference_id

reference_type

scores

value	0.00177
scoring_system	epss
scoring_elements	0.39269
published_at	2026-04-04T12:55:00Z

value	0.00177
scoring_system	epss
scoring_elements	0.39245
published_at	2026-04-02T12:55:00Z

value	0.00194
scoring_system	epss
scoring_elements	0.41373
published_at	2026-04-09T12:55:00Z

value	0.00194
scoring_system	epss
scoring_elements	0.41362
published_at	2026-04-12T12:55:00Z

value	0.00194
scoring_system	epss
scoring_elements	0.41348
published_at	2026-04-13T12:55:00Z

value	0.00194
scoring_system	epss
scoring_elements	0.41391
published_at	2026-04-16T12:55:00Z

value	0.00194
scoring_system	epss
scoring_elements	0.41315
published_at	2026-04-07T12:55:00Z

value	0.00194
scoring_system	epss
scoring_elements	0.41366
published_at	2026-04-08T12:55:00Z

value	0.00194
scoring_system	epss
scoring_elements	0.41394
published_at	2026-04-11T12:55:00Z

value	0.00263
scoring_system	epss
scoring_elements	0.49644
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-49832

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110317
reference_id	1110317
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110317

reference_url

https://github.com/asterisk/asterisk/security/advisories/GHSA-mrq5-74j5-f5cr

reference_id

GHSA-mrq5-74j5-f5cr

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-01T18:28:56Z/

url

https://github.com/asterisk/asterisk/security/advisories/GHSA-mrq5-74j5-f5cr

reference_url	https://security.gentoo.org/glsa/202601-04
reference_id	GLSA-202601-04
reference_type
scores
url	https://security.gentoo.org/glsa/202601-04

fixed_packages

url	pkg:deb/debian/asterisk@0?distro=sid
purl	pkg:deb/debian/asterisk@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid

url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid

purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-r54j-ydjm-4uca

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid

url	pkg:deb/debian/asterisk@1:22.5.1~dfsg%2B~cs6.15.60671435-1?distro=sid
purl	pkg:deb/debian/asterisk@1:22.5.1~dfsg%2B~cs6.15.60671435-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.5.1~dfsg%252B~cs6.15.60671435-1%3Fdistro=sid

url	pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid
purl	pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1%3Fdistro=sid

url	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid

aliases CVE-2025-49832

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q3py-mykt-4kax

url VCID-tmja-qaa1-8kex

vulnerability_id VCID-tmja-qaa1-8kex

summary Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to arbitrary code execution.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-57767

reference_id

reference_type

scores

value	0.00098
scoring_system	epss
scoring_elements	0.26857
published_at	2026-04-18T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.26861
published_at	2026-04-07T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.26929
published_at	2026-04-08T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.26976
published_at	2026-04-09T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.26979
published_at	2026-04-11T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.26934
published_at	2026-04-12T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.26876
published_at	2026-04-13T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.26886
published_at	2026-04-16T12:55:00Z

value	0.00098
scoring_system	epss
scoring_elements	0.2707
published_at	2026-04-04T12:55:00Z

value	0.00102
scoring_system	epss
scoring_elements	0.28205
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-57767

reference_url

https://github.com/asterisk/asterisk/commit/02993717b08f899d4aca9888062f35dfb198584f

reference_id

02993717b08f899d4aca9888062f35dfb198584f

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-28T17:12:27Z/

url

https://github.com/asterisk/asterisk/commit/02993717b08f899d4aca9888062f35dfb198584f

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112470
reference_id	1112470
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112470

reference_url

https://github.com/asterisk/asterisk/pull/1407

reference_id

1407

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-28T17:12:27Z/

url

https://github.com/asterisk/asterisk/pull/1407

reference_url

https://github.com/asterisk/asterisk/security/advisories/GHSA-64qc-9x89-rx5j

reference_id

GHSA-64qc-9x89-rx5j

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-28T17:12:27Z/

url

https://github.com/asterisk/asterisk/security/advisories/GHSA-64qc-9x89-rx5j

reference_url	https://security.gentoo.org/glsa/202601-04
reference_id	GLSA-202601-04
reference_type
scores
url	https://security.gentoo.org/glsa/202601-04

fixed_packages

url	pkg:deb/debian/asterisk@0?distro=sid
purl	pkg:deb/debian/asterisk@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid

url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid

purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-r54j-ydjm-4uca

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid

url	pkg:deb/debian/asterisk@1:22.5.2~dfsg%2B~cs6.15.60671435-1?distro=sid
purl	pkg:deb/debian/asterisk@1:22.5.2~dfsg%2B~cs6.15.60671435-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.5.2~dfsg%252B~cs6.15.60671435-1%3Fdistro=sid

url	pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid
purl	pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1%3Fdistro=sid

url	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid

aliases CVE-2025-57767

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tmja-qaa1-8kex

url VCID-ttmk-fs9h-hufh

vulnerability_id VCID-ttmk-fs9h-hufh

summary An issue was discovered in res_http_websocket.c in Asterisk 15.x through 15.2.1. If the HTTP server is enabled (default is disabled), WebSocket payloads of size 0 are mishandled (with a busy loop).

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-7287

reference_id

reference_type

scores

value	0.33107
scoring_system	epss
scoring_elements	0.96867
published_at	2026-04-01T12:55:00Z

value	0.33107
scoring_system	epss
scoring_elements	0.96874
published_at	2026-04-02T12:55:00Z

value	0.33107
scoring_system	epss
scoring_elements	0.96879
published_at	2026-04-04T12:55:00Z

value	0.33107
scoring_system	epss
scoring_elements	0.96884
published_at	2026-04-07T12:55:00Z

value	0.33107
scoring_system	epss
scoring_elements	0.96892
published_at	2026-04-08T12:55:00Z

value	0.33107
scoring_system	epss
scoring_elements	0.96893
published_at	2026-04-09T12:55:00Z

value	0.33107
scoring_system	epss
scoring_elements	0.96896
published_at	2026-04-11T12:55:00Z

value	0.33107
scoring_system	epss
scoring_elements	0.96898
published_at	2026-04-12T12:55:00Z

value	0.33107
scoring_system	epss
scoring_elements	0.96899
published_at	2026-04-13T12:55:00Z

value	0.33107
scoring_system	epss
scoring_elements	0.96906
published_at	2026-04-16T12:55:00Z

value	0.33107
scoring_system	epss
scoring_elements	0.9691
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-7287

fixed_packages

url	pkg:deb/debian/asterisk@0?distro=sid
purl	pkg:deb/debian/asterisk@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid

url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid

purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-r54j-ydjm-4uca

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid

url	pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid
purl	pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1%3Fdistro=sid

url	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid

aliases CVE-2018-7287

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ttmk-fs9h-hufh

url VCID-tw8d-u845-r3dq

vulnerability_id VCID-tw8d-u845-r3dq

summary Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-24754

reference_id

reference_type

scores

value	0.00466
scoring_system	epss
scoring_elements	0.64356
published_at	2026-04-02T12:55:00Z

value	0.00466
scoring_system	epss
scoring_elements	0.64385
published_at	2026-04-04T12:55:00Z

value	0.00466
scoring_system	epss
scoring_elements	0.64344
published_at	2026-04-07T12:55:00Z

value	0.00466
scoring_system	epss
scoring_elements	0.64393
published_at	2026-04-08T12:55:00Z

value	0.00466
scoring_system	epss
scoring_elements	0.64408
published_at	2026-04-12T12:55:00Z

value	0.00466
scoring_system	epss
scoring_elements	0.6442
published_at	2026-04-11T12:55:00Z

value	0.00466
scoring_system	epss
scoring_elements	0.64379
published_at	2026-04-13T12:55:00Z

value	0.00466
scoring_system	epss
scoring_elements	0.64414
published_at	2026-04-16T12:55:00Z

value	0.00466
scoring_system	epss
scoring_elements	0.64426
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-24754

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24754
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24754

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998
reference_id	1014998
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998

reference_url

https://github.com/pjsip/pjproject/commit/d27f79da11df7bc8bb56c2f291d71e54df8d2c47

reference_id

d27f79da11df7bc8bb56c2f291d71e54df8d2c47

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:12Z/

url

https://github.com/pjsip/pjproject/commit/d27f79da11df7bc8bb56c2f291d71e54df8d2c47

reference_url

https://github.com/pjsip/pjproject/security/advisories/GHSA-73f7-48m9-w662

reference_id

GHSA-73f7-48m9-w662

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:12Z/

url

https://github.com/pjsip/pjproject/security/advisories/GHSA-73f7-48m9-w662

reference_url

https://security.gentoo.org/glsa/202210-37

reference_id

GLSA-202210-37

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:12Z/

url

https://security.gentoo.org/glsa/202210-37

reference_url

https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html

reference_id

msg00035.html

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:12Z/

url

https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html

reference_url

https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html

reference_id

msg00038.html

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:12Z/

url

https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html

reference_url	https://usn.ubuntu.com/6422-1/
reference_id	USN-6422-1
reference_type
scores
url	https://usn.ubuntu.com/6422-1/

fixed_packages

url	pkg:deb/debian/asterisk@0?distro=sid
purl	pkg:deb/debian/asterisk@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid

url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid

purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-r54j-ydjm-4uca

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid

url	pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid
purl	pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1%3Fdistro=sid

url	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid

aliases CVE-2022-24754

risk_score 3.9

exploitability 0.5

weighted_severity 7.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tw8d-u845-r3dq

url VCID-wbrs-de57-1bd9

vulnerability_id VCID-wbrs-de57-1bd9

summary

Multiple buffer overflows in Asterisk might allow remote attackers
    to cause a Denial of Service condition.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-2289

reference_id

reference_type

scores

value	0.03701
scoring_system	epss
scoring_elements	0.87898
published_at	2026-04-01T12:55:00Z

value	0.03701
scoring_system	epss
scoring_elements	0.87908
published_at	2026-04-02T12:55:00Z

value	0.03701
scoring_system	epss
scoring_elements	0.87922
published_at	2026-04-04T12:55:00Z

value	0.03701
scoring_system	epss
scoring_elements	0.87925
published_at	2026-04-07T12:55:00Z

value	0.03701
scoring_system	epss
scoring_elements	0.87946
published_at	2026-04-08T12:55:00Z

value	0.03701
scoring_system	epss
scoring_elements	0.87952
published_at	2026-04-09T12:55:00Z

value	0.03701
scoring_system	epss
scoring_elements	0.87963
published_at	2026-04-11T12:55:00Z

value	0.03701
scoring_system	epss
scoring_elements	0.87955
published_at	2026-04-13T12:55:00Z

value	0.03701
scoring_system	epss
scoring_elements	0.87969
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-2289

reference_url	https://security.gentoo.org/glsa/201405-05
reference_id	GLSA-201405-05
reference_type
scores
url	https://security.gentoo.org/glsa/201405-05

fixed_packages

url	pkg:deb/debian/asterisk@0?distro=sid
purl	pkg:deb/debian/asterisk@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid

url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid

purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-r54j-ydjm-4uca

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid

url	pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid
purl	pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1%3Fdistro=sid

url	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid

aliases CVE-2014-2289

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wbrs-de57-1bd9

url VCID-xcpx-unz5-gqbp

vulnerability_id VCID-xcpx-unz5-gqbp

summary Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x before 15.6.2 and 16.x before 16.0.1 allows remote attackers to crash Asterisk via a specially crafted DNS SRV or NAPTR response, because a buffer size is supposed to match an expanded length but actually matches a compressed length.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-19278

reference_id

reference_type

scores

value	0.03349
scoring_system	epss
scoring_elements	0.87266
published_at	2026-04-01T12:55:00Z

value	0.03349
scoring_system	epss
scoring_elements	0.87276
published_at	2026-04-02T12:55:00Z

value	0.03349
scoring_system	epss
scoring_elements	0.87292
published_at	2026-04-04T12:55:00Z

value	0.03349
scoring_system	epss
scoring_elements	0.8729
published_at	2026-04-07T12:55:00Z

value	0.03349
scoring_system	epss
scoring_elements	0.87309
published_at	2026-04-08T12:55:00Z

value	0.03349
scoring_system	epss
scoring_elements	0.87317
published_at	2026-04-09T12:55:00Z

value	0.03349
scoring_system	epss
scoring_elements	0.87329
published_at	2026-04-11T12:55:00Z

value	0.03349
scoring_system	epss
scoring_elements	0.87323
published_at	2026-04-12T12:55:00Z

value	0.03349
scoring_system	epss
scoring_elements	0.87319
published_at	2026-04-13T12:55:00Z

value	0.03349
scoring_system	epss
scoring_elements	0.87333
published_at	2026-04-16T12:55:00Z

value	0.03349
scoring_system	epss
scoring_elements	0.87337
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-19278

fixed_packages

url	pkg:deb/debian/asterisk@0?distro=sid
purl	pkg:deb/debian/asterisk@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid

url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid

purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-r54j-ydjm-4uca

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid

url	pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid
purl	pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1%3Fdistro=sid

url	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid

aliases CVE-2018-19278

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xcpx-unz5-gqbp

url VCID-xr4a-tmxe-8fcd

vulnerability_id VCID-xr4a-tmxe-8fcd

summary Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-26712

reference_id

reference_type

scores

value	0.0327
scoring_system	epss
scoring_elements	0.87107
published_at	2026-04-01T12:55:00Z

value	0.0327
scoring_system	epss
scoring_elements	0.87117
published_at	2026-04-02T12:55:00Z

value	0.0327
scoring_system	epss
scoring_elements	0.87134
published_at	2026-04-04T12:55:00Z

value	0.0327
scoring_system	epss
scoring_elements	0.87127
published_at	2026-04-07T12:55:00Z

value	0.0327
scoring_system	epss
scoring_elements	0.87147
published_at	2026-04-08T12:55:00Z

value	0.0327
scoring_system	epss
scoring_elements	0.87155
published_at	2026-04-09T12:55:00Z

value	0.0327
scoring_system	epss
scoring_elements	0.87168
published_at	2026-04-11T12:55:00Z

value	0.0327
scoring_system	epss
scoring_elements	0.87163
published_at	2026-04-12T12:55:00Z

value	0.0327
scoring_system	epss
scoring_elements	0.87158
published_at	2026-04-13T12:55:00Z

value	0.0327
scoring_system	epss
scoring_elements	0.87174
published_at	2026-04-16T12:55:00Z

value	0.0327
scoring_system	epss
scoring_elements	0.87179
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-26712

reference_url	https://security.gentoo.org/glsa/202412-03
reference_id	GLSA-202412-03
reference_type
scores
url	https://security.gentoo.org/glsa/202412-03

fixed_packages

url	pkg:deb/debian/asterisk@0?distro=sid
purl	pkg:deb/debian/asterisk@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid

url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid

purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-r54j-ydjm-4uca

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid

url	pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid
purl	pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1%3Fdistro=sid

url	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid

aliases CVE-2021-26712

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xr4a-tmxe-8fcd

url VCID-yyjj-7dwq-nueq

vulnerability_id VCID-yyjj-7dwq-nueq

summary A NULL pointer access issue was discovered in Asterisk 15.x through 15.2.1. The RTP support in Asterisk maintains its own registry of dynamic codecs and desired payload numbers. While an SDP negotiation may result in a codec using a different payload number, these desired ones are still stored internally. When an RTP packet was received, this registry would be consulted if the payload number was not found in the negotiated SDP. This registry was incorrectly consulted for all packets, even those which are dynamic. If the payload number resulted in a codec of a different type than the RTP stream (for example, the payload number resulted in a video codec but the stream carried audio), a crash could occur if no stream of that type had been negotiated. This was due to the code incorrectly assuming that a stream of that type would always exist.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-7285

reference_id

reference_type

scores

value	0.00536
scoring_system	epss
scoring_elements	0.67391
published_at	2026-04-01T12:55:00Z

value	0.00536
scoring_system	epss
scoring_elements	0.67427
published_at	2026-04-07T12:55:00Z

value	0.00536
scoring_system	epss
scoring_elements	0.67448
published_at	2026-04-04T12:55:00Z

value	0.00536
scoring_system	epss
scoring_elements	0.67479
published_at	2026-04-08T12:55:00Z

value	0.00536
scoring_system	epss
scoring_elements	0.67493
published_at	2026-04-09T12:55:00Z

value	0.00536
scoring_system	epss
scoring_elements	0.67516
published_at	2026-04-11T12:55:00Z

value	0.00536
scoring_system	epss
scoring_elements	0.67503
published_at	2026-04-12T12:55:00Z

value	0.00536
scoring_system	epss
scoring_elements	0.67469
published_at	2026-04-13T12:55:00Z

value	0.00536
scoring_system	epss
scoring_elements	0.67506
published_at	2026-04-16T12:55:00Z

value	0.00536
scoring_system	epss
scoring_elements	0.67518
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-7285

fixed_packages

url	pkg:deb/debian/asterisk@0?distro=sid
purl	pkg:deb/debian/asterisk@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid

url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid

purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-r54j-ydjm-4uca

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid

url	pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid
purl	pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1%3Fdistro=sid

url	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid

aliases CVE-2018-7285

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yyjj-7dwq-nueq

url VCID-zv1p-p8tb-dqhm

vulnerability_id VCID-zv1p-p8tb-dqhm

summary Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-31878

reference_id

reference_type

scores

value	0.0019
scoring_system	epss
scoring_elements	0.40815
published_at	2026-04-01T12:55:00Z

value	0.0019
scoring_system	epss
scoring_elements	0.40898
published_at	2026-04-02T12:55:00Z

value	0.0019
scoring_system	epss
scoring_elements	0.40926
published_at	2026-04-04T12:55:00Z

value	0.0019
scoring_system	epss
scoring_elements	0.40854
published_at	2026-04-07T12:55:00Z

value	0.0019
scoring_system	epss
scoring_elements	0.40904
published_at	2026-04-08T12:55:00Z

value	0.0019
scoring_system	epss
scoring_elements	0.4091
published_at	2026-04-09T12:55:00Z

value	0.0019
scoring_system	epss
scoring_elements	0.40927
published_at	2026-04-11T12:55:00Z

value	0.0019
scoring_system	epss
scoring_elements	0.40892
published_at	2026-04-12T12:55:00Z

value	0.0019
scoring_system	epss
scoring_elements	0.40873
published_at	2026-04-13T12:55:00Z

value	0.0019
scoring_system	epss
scoring_elements	0.40915
published_at	2026-04-16T12:55:00Z

value	0.0019
scoring_system	epss
scoring_elements	0.40884
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-31878

reference_url	https://security.gentoo.org/glsa/202412-03
reference_id	GLSA-202412-03
reference_type
scores
url	https://security.gentoo.org/glsa/202412-03

fixed_packages

url	pkg:deb/debian/asterisk@0?distro=sid
purl	pkg:deb/debian/asterisk@0?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid

url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid

purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-r54j-ydjm-4uca

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid

url	pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid
purl	pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1%3Fdistro=sid

url	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid

aliases CVE-2021-31878

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zv1p-p8tb-dqhm

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid

Package Instance