VulnerableCode Package Details - pkg:deb/debian/asterisk@1:1.6.2.6-1?distro=sid

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-986n-21m7-fuc8	main/acl.c in Asterisk Open Source 1.6.0.x before 1.6.0.25, 1.6.1.x before 1.6.1.17, and 1.6.2.x before 1.6.2.5 does not properly enforce remote host access controls when CIDR notation "/0" is used in permit= and deny= configuration rules, which causes an improper arithmetic shift and might allow remote attackers to bypass ACL rules and access services from unauthorized hosts.	CVE-2010-1224
VCID-ennr-ek9z-a7db	The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, when using the ${EXTEN} channel variable and wildcard pattern matches, allows context-dependent attackers to inject strings into the dialplan using metacharacters that are injected when the variable is expanded, as demonstrated using the Dial application to process a crafted SIP INVITE message that adds an unintended outgoing channel leg. NOTE: it could be argued that this is not a vulnerability in Asterisk, but a class of vulnerabilities that can occur in any program that uses this feature without the associated filtering functionality that is already available.	CVE-2010-0685

Vulnerability

Summary

Aliases

VCID-986n-21m7-fuc8

main/acl.c in Asterisk Open Source 1.6.0.x before 1.6.0.25, 1.6.1.x before 1.6.1.17, and 1.6.2.x before 1.6.2.5 does not properly enforce remote host access controls when CIDR notation "/0" is used in permit= and deny= configuration rules, which causes an improper arithmetic shift and might allow remote attackers to bypass ACL rules and access services from unauthorized hosts.

CVE-2010-1224

VCID-ennr-ek9z-a7db

The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, when using the ${EXTEN} channel variable and wildcard pattern matches, allows context-dependent attackers to inject strings into the dialplan using metacharacters that are injected when the variable is expanded, as demonstrated using the Dial application to process a crafted SIP INVITE message that adds an unintended outgoing channel leg. NOTE: it could be argued that this is not a vulnerability in Asterisk, but a class of vulnerabilities that can occur in any program that uses this feature without the associated filtering functionality that is already available.

CVE-2010-0685

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T08:47:39.294699+00:00	Debian Importer	Fixing	VCID-ennr-ek9z-a7db	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T08:44:41.461189+00:00	Debian Importer	Fixing	VCID-986n-21m7-fuc8	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-12T17:46:38.211466+00:00	Debian Importer	Fixing	VCID-986n-21m7-fuc8	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T17:54:31.046426+00:00	Debian Importer	Fixing	VCID-ennr-ek9z-a7db	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-02T17:14:34.186434+00:00	Debian Importer	Fixing	VCID-986n-21m7-fuc8	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:02:45.197682+00:00	Debian Importer	Fixing	VCID-ennr-ek9z-a7db	https://security-tracker.debian.org/tracker/data/json	38.1.0