VulnerableCode Package Details - pkg:apk/alpine/asterisk@20.9.3-r0?arch=aarch64&distroversion=v3.23&reponame=main

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:apk/alpine/asterisk@20.9.3-r0?arch=aarch64&distroversion=v3.23&reponame=main

purl	pkg:apk/alpine/asterisk@20.9.3-r0?arch=aarch64&distroversion=v3.23&reponame=main

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-qcqe-63ev-f7gv	Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.24.3, 20.9.3, and 21.4.3 of Asterisk and versions 18.9-cert12 and 20.7-cert2 of certified-asterisk, if Asterisk attempts to send a SIP request to a URI whose host portion starts with `.1` or `[.1]`, and res_resolver_unbound is loaded, Asterisk will crash with a SEGV. To receive a patch, users should upgrade to one of the following versions: 18.24.3, 20.9.3, 21.4.3, certified-18.9-cert12, certified-20.7-cert2. Two workarounds are available. Disable res_resolver_unbound by setting `noload = res_resolver_unbound.so` in modules.conf, or set `rewrite_contact = yes` on all PJSIP endpoints. NOTE: This may not be appropriate for all Asterisk configurations.	CVE-2024-42491

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-03T17:45:16.979626+00:00	Alpine Linux Importer	Fixing	VCID-qcqe-63ev-f7gv	https://secdb.alpinelinux.org/v3.23/main.json	38.1.0