VulnerableCode Package Details - pkg:apk/alpine/asterisk@16.3.0-r2?arch=armv7&distroversion=v3.10&reponame=main

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-917e-7kp2-y3hw	res_pjsip_t38 in Sangoma Asterisk 15.x before 15.7.4 and 16.x before 16.5.1 allows an attacker to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk. The crash occurs because of a NULL session media object dereference.	CVE-2019-15297
VCID-x2gp-mft6-1yhy	An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x through 15.7.2, and 16.x through 16.4.0, and Certified Asterisk through 13.21-cert3. A pointer dereference in chan_sip while handling SDP negotiation allows an attacker to crash Asterisk when handling an SDP answer to an outgoing T.38 re-invite. To exploit this vulnerability an attacker must cause the chan_sip module to send a T.38 re-invite request to them. Upon receipt, the attacker must send an SDP answer containing both a T.38 UDPTL stream and another media stream containing only a codec (which is not permitted according to the chan_sip configuration).	CVE-2019-13161
VCID-xbe4-uvqu-6kf7	Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and earlier allows remote authenticated users to crash Asterisk by sending a specially crafted SIP MESSAGE message.	CVE-2019-12827

Vulnerability

Summary

Aliases

VCID-917e-7kp2-y3hw

res_pjsip_t38 in Sangoma Asterisk 15.x before 15.7.4 and 16.x before 16.5.1 allows an attacker to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk. The crash occurs because of a NULL session media object dereference.

CVE-2019-15297

VCID-x2gp-mft6-1yhy

An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x through 15.7.2, and 16.x through 16.4.0, and Certified Asterisk through 13.21-cert3. A pointer dereference in chan_sip while handling SDP negotiation allows an attacker to crash Asterisk when handling an SDP answer to an outgoing T.38 re-invite. To exploit this vulnerability an attacker must cause the chan_sip module to send a T.38 re-invite request to them. Upon receipt, the attacker must send an SDP answer containing both a T.38 UDPTL stream and another media stream containing only a codec (which is not permitted according to the chan_sip configuration).

CVE-2019-13161

VCID-xbe4-uvqu-6kf7

Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and earlier allows remote authenticated users to crash Asterisk by sending a specially crafted SIP MESSAGE message.

CVE-2019-12827

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-03T17:45:08.973937+00:00	Alpine Linux Importer	Fixing	VCID-x2gp-mft6-1yhy	https://secdb.alpinelinux.org/v3.10/main.json	38.1.0
2026-04-01T19:14:36.928055+00:00	Alpine Linux Importer	Fixing	VCID-917e-7kp2-y3hw	https://secdb.alpinelinux.org/v3.10/main.json	38.0.0
2026-04-01T19:07:26.338828+00:00	Alpine Linux Importer	Fixing	VCID-xbe4-uvqu-6kf7	https://secdb.alpinelinux.org/v3.10/main.json	38.0.0