| purl | pkg:deb/debian/asterisk@0?distro=sid |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | | |

| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-1bxe-fg62-qugd | The res_pjsip_pubsub module in Asterisk Open Source 12.x before 12.5.1 allows remote authenticated users to cause a denial of service (crash) via crafted headers in a SIP SUBSCRIBE request for an event package. | CVE-2014-6609 |
| VCID-1t3u-22gq-qucr | Asterisk is an open source private branch exchange and telephony toolkit. After upgrade to 18.23.0, ALL unauthorized SIP requests are identified as PJSIP Endpoint of local asterisk server. This vulnerability is fixed in 18.23.1, 20.8.1, and 21.3.1. | CVE-2024-35190 |
| VCID-2xc3-aqh8-cubn | main/translate.c in Sangoma Asterisk 13.28.0 and 16.5.0 allows a remote attacker to send a specific RTP packet during a call and cause a crash in a specific scenario. | CVE-2019-15639 |
| VCID-3r26-8d9e-aqdm | asterisk: remote crash in SIP channel driver (AST-2009-002) | CVE-2009-0871 |
| VCID-4658-u85z-zqhh | The Publish/Subscribe Framework in the PJSIP channel driver in Asterisk Open Source 12.x before 12.3.1, when sub_min_expiry is set to zero, allows remote attackers to cause a denial of service (assertion failure and crash) via an unsubscribe request when not subscribed to the device. | CVE-2014-4045 |
| VCID-81tr-5yzn-m7ap | chan_skinny.c in the Skinny (aka SCCP) channel driver in Asterisk Open Source 10.x before 10.5.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by sending a Station Key Pad Button message and closing a connection in off-hook mode, a related issue to CVE-2012-2948. | CVE-2012-3553 |
| VCID-a4na-u27r-sfc5 | The PJSIP Channel Driver in Asterisk Open Source before 12.3.1 allows remote attackers to cause a denial of service (deadlock) by terminating a subscription request before it is complete, which triggers a SIP transaction timeout. | CVE-2014-4048 |
| VCID-agez-w3xn-63bt | Multiple buffer overflows in Asterisk might allow remote attackers to cause a Denial of Service condition. | CVE-2014-2288 |
| VCID-an47-cxfn-77e8 | Multiple vulnerabilities have been found in Asterisk, the worst of which may allow execution of arbitrary code. | CVE-2013-2685 |
| VCID-ge7t-fqyp-vyhz | Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation. | CVE-2021-26713 |
| VCID-jez3-sw2r-r3d6 | An issue was discovered in Asterisk Open Source 13.12.x and 13.13.x before 13.13.1 and 14.x before 14.2.1. If an SDP offer or answer is received with the Opus codec and with the format parameters separated using a space the code responsible for parsing will recursively call itself until it crashes. This occurs as the code does not properly handle spaces separating the parameters. This does NOT require the endpoint to have Opus configured in Asterisk. This also does not require the endpoint to be authenticated. If guest is enabled for chan_sip or anonymous in chan_pjsip an SDP offer or answer is still processed and the crash occurs. | CVE-2016-9937 |
| VCID-mmng-tcuj-wkhu | An issue was discovered in Asterisk Open Source 15.x before 15.4.1. When connected to Asterisk via TCP/TLS, if the client abruptly disconnects, or sends a specially crafted message, then Asterisk gets caught in an infinite loop while trying to read the data stream. This renders the system unusable. | CVE-2018-12228 |
| VCID-pjwr-x9hp-g7dk | Asterisk Open Source 1.4.5 through 1.4.11, when configured to use an IMAP voicemail storage backend, allows remote attackers to cause a denial of service via an e-mail with an "invalid/corrupted" MIME body, which triggers a crash when the recipient listens to voicemail. | CVE-2007-4521 |
| VCID-q3py-mykt-4kax | Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to arbitrary code execution. | CVE-2025-49832 |
| VCID-tmja-qaa1-8kex | Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to arbitrary code execution. | CVE-2025-57767 |
| VCID-ttmk-fs9h-hufh | An issue was discovered in res_http_websocket.c in Asterisk 15.x through 15.2.1. If the HTTP server is enabled (default is disabled), WebSocket payloads of size 0 are mishandled (with a busy loop). | CVE-2018-7287 |
| VCID-tw8d-u845-r3dq | Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution. | CVE-2022-24754 |
| VCID-wbrs-de57-1bd9 | Multiple buffer overflows in Asterisk might allow remote attackers to cause a Denial of Service condition. | CVE-2014-2289 |
| VCID-xcpx-unz5-gqbp | Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x before 15.6.2 and 16.x before 16.0.1 allows remote attackers to crash Asterisk via a specially crafted DNS SRV or NAPTR response, because a buffer size is supposed to match an expanded length but actually matches a compressed length. | CVE-2018-19278 |
| VCID-xr4a-tmxe-8fcd | Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation. | CVE-2021-26712 |
| VCID-yyjj-7dwq-nueq | A NULL pointer access issue was discovered in Asterisk 15.x through 15.2.1. The RTP support in Asterisk maintains its own registry of dynamic codecs and desired payload numbers. While an SDP negotiation may result in a codec using a different payload number, these desired ones are still stored internally. When an RTP packet was received, this registry would be consulted if the payload number was not found in the negotiated SDP. This registry was incorrectly consulted for all packets, even those which are dynamic. If the payload number resulted in a codec of a different type than the RTP stream (for example, the payload number resulted in a video codec but the stream carried audio), a crash could occur if no stream of that type had been negotiated. This was due to the code incorrectly assuming that a stream of that type would always exist. | CVE-2018-7285 |
| VCID-zv1p-p8tb-dqhm | Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation. | CVE-2021-31878 |