VulnerableCode Package Details - pkg:deb/debian/asterisk@1:22.3.0~dfsg%2B~cs6.15.60671435-1?distro=sid

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:deb/debian/asterisk@1:22.3.0~dfsg%2B~cs6.15.60671435-1?distro=sid

purl	pkg:deb/debian/asterisk@1:22.3.0~dfsg%2B~cs6.15.60671435-1?distro=sid

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-r54j-ydjm-4uca	Insecure Permissions vulnerability in asterisk v22 allows a remote attacker to execute arbitrary code via the action_createconfig function. NOTE: this is disputed by the Supplier because the impact is limited to creating empty files outside of the Asterisk product directory (aka directory traversal) and the attack can only be performed by a privileged user who has the ability to manage the configuration.	CVE-2024-57520

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-12T17:46:43.135784+00:00	Debian Importer	Fixing	VCID-r54j-ydjm-4uca	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:19:49.482438+00:00	Debian Importer	Fixing	VCID-r54j-ydjm-4uca	https://security-tracker.debian.org/tracker/data/json	38.1.0