VulnerableCode Package Details - pkg:apk/alpine/asterisk@15.6.2-r0?arch=x86

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-917e-7kp2-y3hw	res_pjsip_t38 in Sangoma Asterisk 15.x before 15.7.4 and 16.x before 16.5.1 allows an attacker to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk. The crash occurs because of a NULL session media object dereference.	CVE-2019-15297
VCID-qksp-5hqu-7qad	An Integer Signedness issue (for a return code) in the res_pjsip_sdp_rtp module in Digium Asterisk versions 15.7.1 and earlier and 16.1.1 and earlier allows remote authenticated users to crash Asterisk via a specially crafted SDP protocol violation.	CVE-2019-7251
VCID-x2gp-mft6-1yhy	An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x through 15.7.2, and 16.x through 16.4.0, and Certified Asterisk through 13.21-cert3. A pointer dereference in chan_sip while handling SDP negotiation allows an attacker to crash Asterisk when handling an SDP answer to an outgoing T.38 re-invite. To exploit this vulnerability an attacker must cause the chan_sip module to send a T.38 re-invite request to them. Upon receipt, the attacker must send an SDP answer containing both a T.38 UDPTL stream and another media stream containing only a codec (which is not permitted according to the chan_sip configuration).	CVE-2019-13161
VCID-xbe4-uvqu-6kf7	Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and earlier allows remote authenticated users to crash Asterisk by sending a specially crafted SIP MESSAGE message.	CVE-2019-12827
VCID-xcpx-unz5-gqbp	Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x before 15.6.2 and 16.x before 16.0.1 allows remote attackers to crash Asterisk via a specially crafted DNS SRV or NAPTR response, because a buffer size is supposed to match an expanded length but actually matches a compressed length.	CVE-2018-19278

Vulnerability

Summary

Aliases

VCID-917e-7kp2-y3hw

res_pjsip_t38 in Sangoma Asterisk 15.x before 15.7.4 and 16.x before 16.5.1 allows an attacker to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk. The crash occurs because of a NULL session media object dereference.

CVE-2019-15297

VCID-qksp-5hqu-7qad

An Integer Signedness issue (for a return code) in the res_pjsip_sdp_rtp module in Digium Asterisk versions 15.7.1 and earlier and 16.1.1 and earlier allows remote authenticated users to crash Asterisk via a specially crafted SDP protocol violation.

CVE-2019-7251

VCID-x2gp-mft6-1yhy

An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x through 15.7.2, and 16.x through 16.4.0, and Certified Asterisk through 13.21-cert3. A pointer dereference in chan_sip while handling SDP negotiation allows an attacker to crash Asterisk when handling an SDP answer to an outgoing T.38 re-invite. To exploit this vulnerability an attacker must cause the chan_sip module to send a T.38 re-invite request to them. Upon receipt, the attacker must send an SDP answer containing both a T.38 UDPTL stream and another media stream containing only a codec (which is not permitted according to the chan_sip configuration).

CVE-2019-13161

VCID-xbe4-uvqu-6kf7

Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and earlier allows remote authenticated users to crash Asterisk by sending a specially crafted SIP MESSAGE message.

CVE-2019-12827

VCID-xcpx-unz5-gqbp

Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x before 15.6.2 and 16.x before 16.0.1 allows remote attackers to crash Asterisk via a specially crafted DNS SRV or NAPTR response, because a buffer size is supposed to match an expanded length but actually matches a compressed length.

CVE-2018-19278

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-08T06:24:15.908298+00:00	Alpine Linux Importer	Fixing	VCID-xbe4-uvqu-6kf7	https://secdb.alpinelinux.org/v3.8/main.json	38.1.0
2026-04-01T19:24:32.280194+00:00	Alpine Linux Importer	Fixing	VCID-xcpx-unz5-gqbp	https://secdb.alpinelinux.org/v3.8/main.json	38.0.0
2026-04-01T19:24:27.808679+00:00	Alpine Linux Importer	Fixing	VCID-917e-7kp2-y3hw	https://secdb.alpinelinux.org/v3.8/main.json	38.0.0
2026-04-01T19:11:40.201764+00:00	Alpine Linux Importer	Fixing	VCID-x2gp-mft6-1yhy	https://secdb.alpinelinux.org/v3.8/main.json	38.0.0
2026-04-01T19:05:31.781517+00:00	Alpine Linux Importer	Fixing	VCID-qksp-5hqu-7qad	https://secdb.alpinelinux.org/v3.8/main.json	38.0.0