{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","type":"deb","namespace":"debian","name":"asterisk","version":"1:16.28.0~dfsg-0+deb11u4","qualifiers":{"distro":"sid"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1:16.28.0~dfsg-0+deb11u5","latest_non_vulnerable_version":"1:22.9.0+dfsg+~cs6.16.60671434-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/86052?format=json","vulnerability_id":"VCID-gh5j-yza2-v3fu","summary":"Insecure Permissions vulnerability in asterisk v22 allows a remote attacker to execute arbitrary code via the action_createconfig function. NOTE: this is disputed by the Supplier because the impact is limited to creating empty files outside of the Asterisk product directory (aka directory traversal) and the attack can only be performed by a privileged user who has the ability to manage the configuration.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-57520","reference_id":"","reference_type":"","scores":[{"value":"0.03515","scoring_system":"epss","scoring_elements":"0.87834","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-57520"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57520","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57520"},{"reference_url":"https://github.com/asterisk/asterisk/issues/1122","reference_id":"1122","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-06T15:16:16Z/"}],"url":"https://github.com/asterisk/asterisk/issues/1122"},{"reference_url":"https://gist.github.com/hyp164D1/ae76ab25acfbe263b2ed7b24b6e5c621","reference_id":"ae76ab25acfbe263b2ed7b24b6e5c621","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-06T15:16:16Z/"}],"url":"https://gist.github.com/hyp164D1/ae76ab25acfbe263b2ed7b24b6e5c621"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339486?format=json","purl":"pkg:deb/debian/asterisk@1:22.3.0~dfsg%2B~cs6.15.60671435-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.3.0~dfsg%252B~cs6.15.60671435-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2024-57520"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gh5j-yza2-v3fu"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55451?format=json","vulnerability_id":"VCID-16jk-y7k8-j7be","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-15639","reference_id":"","reference_type":"","scores":[{"value":"0.06064","scoring_system":"epss","scoring_elements":"0.90879","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-15639"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339408?format=json","purl":"pkg:deb/debian/asterisk@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2019-15639"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-16jk-y7k8-j7be"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54290?format=json","vulnerability_id":"VCID-1ge4-qj69-5uhf","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-42705","reference_id":"","reference_type":"","scores":[{"value":"0.01516","scoring_system":"epss","scoring_elements":"0.81524","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-42705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706"},{"reference_url":"https://downloads.asterisk.org/pub/security/AST-2022-008.html","reference_id":"AST-2022-008.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:25:02Z/"}],"url":"https://downloads.asterisk.org/pub/security/AST-2022-008.html"},{"reference_url":"https://www.debian.org/security/2023/dsa-5358","reference_id":"dsa-5358","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:25:02Z/"}],"url":"https://www.debian.org/security/2023/dsa-5358"},{"reference_url":"https://security.gentoo.org/glsa/202412-03","reference_id":"GLSA-202412-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-03"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html","reference_id":"msg00029.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:25:02Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339473?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339477?format=json","purl":"pkg:deb/debian/asterisk@1:20.0.1~dfsg%2B~cs6.12.40431414-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:20.0.1~dfsg%252B~cs6.12.40431414-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2022-42705"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1ge4-qj69-5uhf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84480?format=json","vulnerability_id":"VCID-1kgt-fs6d-fyfd","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23547","reference_id":"","reference_type":"","scores":[{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60649","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23547"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032092","reference_id":"1032092","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032092"},{"reference_url":"https://github.com/pjsip/pjproject/commit/bc4812d31a67d5e2f973fbfaf950d6118226cf36","reference_id":"bc4812d31a67d5e2f973fbfaf950d6118226cf36","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T03:11:54Z/"}],"url":"https://github.com/pjsip/pjproject/commit/bc4812d31a67d5e2f973fbfaf950d6118226cf36"},{"reference_url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-9pfh-r8x4-w26w","reference_id":"GHSA-9pfh-r8x4-w26w","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T03:11:54Z/"}],"url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-9pfh-r8x4-w26w"},{"reference_url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-cxwq-5g9x-x7fr","reference_id":"GHSA-cxwq-5g9x-x7fr","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T03:11:54Z/"}],"url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-cxwq-5g9x-x7fr"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html","reference_id":"msg00038.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T03:11:54Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html"},{"reference_url":"https://usn.ubuntu.com/6422-1/","reference_id":"USN-6422-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6422-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339473?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339474?format=json","purl":"pkg:deb/debian/asterisk@1:20.4.0~dfsg%2B~cs6.13.40431414-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:20.4.0~dfsg%252B~cs6.13.40431414-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2022-23547"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1kgt-fs6d-fyfd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/82485?format=json","vulnerability_id":"VCID-1qv8-5g7m-9faq","summary":"In the pjsip channel driver (res_pjsip) in Asterisk 13.x before 13.17.1 and 14.x before 14.6.1, a carefully crafted tel URI in a From, To, or Contact header could cause Asterisk to crash.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14098","reference_id":"","reference_type":"","scores":[{"value":"0.40123","scoring_system":"epss","scoring_elements":"0.97404","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14098"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14098","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14098"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873909","reference_id":"873909","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873909"},{"reference_url":"https://security.gentoo.org/glsa/201710-29","reference_id":"GLSA-201710-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201710-29"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339449?format=json","purl":"pkg:deb/debian/asterisk@1:13.17.1~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.17.1~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2017-14098"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1qv8-5g7m-9faq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58278?format=json","vulnerability_id":"VCID-1xch-hgev-7ugp","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49294","reference_id":"","reference_type":"","scores":[{"value":"0.17085","scoring_system":"epss","scoring_elements":"0.95106","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49294"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37457","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37457"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38703","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38703"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49294","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49294"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49786"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059032","reference_id":"1059032","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059032"},{"reference_url":"https://security.gentoo.org/glsa/202412-03","reference_id":"GLSA-202412-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339481?format=json","purl":"pkg:deb/debian/asterisk@1:20.5.1~dfsg%2B~cs6.13.40431414-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:20.5.1~dfsg%252B~cs6.13.40431414-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2023-49294"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1xch-hgev-7ugp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/82734?format=json","vulnerability_id":"VCID-23bk-txpw-dugx","summary":"Remote code execution can occur in Asterisk Open Source 13.x before 13.14.1 and 14.x before 14.3.1 and Certified Asterisk 13.13 before 13.13-cert3 because of a buffer overflow in a CDR user field, related to X-ClientCode in chan_sip, the CDR dialplan function, and the AMI Monitor action.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7617","reference_id":"","reference_type":"","scores":[{"value":"0.22039","scoring_system":"epss","scoring_elements":"0.95877","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7617"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7617","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7617"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859910","reference_id":"859910","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859910"},{"reference_url":"https://usn.ubuntu.com/USN-4814-1/","reference_id":"USN-USN-4814-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4814-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339454?format=json","purl":"pkg:deb/debian/asterisk@1:13.14.1~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.14.1~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2017-7617"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-23bk-txpw-dugx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81264?format=json","vulnerability_id":"VCID-27vm-xs6e-qbcu","summary":"chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.7.1 and 10.x before 10.0.0-rc1 does not properly initialize variables during request parsing, which allows remote authenticated users to cause a denial of service (daemon crash) via a malformed request.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4063","reference_id":"","reference_type":"","scores":[{"value":"0.06434","scoring_system":"epss","scoring_elements":"0.91197","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4063"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4063","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4063"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=647252","reference_id":"647252","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=647252"},{"reference_url":"https://security.gentoo.org/glsa/201110-21","reference_id":"GLSA-201110-21","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201110-21"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339432?format=json","purl":"pkg:deb/debian/asterisk@1:1.8.7.1~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.8.7.1~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2011-4063"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-27vm-xs6e-qbcu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55739?format=json","vulnerability_id":"VCID-2958-ba68-zber","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24786","reference_id":"","reference_type":"","scores":[{"value":"0.00738","scoring_system":"epss","scoring_elements":"0.73168","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014976","reference_id":"1014976","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014976"},{"reference_url":"https://security.gentoo.org/glsa/202210-37","reference_id":"GLSA-202210-37","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-37"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339468?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339475?format=json","purl":"pkg:deb/debian/asterisk@1:18.14.0~~rc1~dfsg%2B~cs6.12.40431414-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:18.14.0~~rc1~dfsg%252B~cs6.12.40431414-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2022-24786"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2958-ba68-zber"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78909?format=json","vulnerability_id":"VCID-2fgw-f9ej-2khk","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14100","reference_id":"","reference_type":"","scores":[{"value":"0.33558","scoring_system":"epss","scoring_elements":"0.97014","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14100"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14099","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14099"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14100","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14100"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873908","reference_id":"873908","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873908"},{"reference_url":"https://security.gentoo.org/glsa/201710-29","reference_id":"GLSA-201710-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201710-29"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339449?format=json","purl":"pkg:deb/debian/asterisk@1:13.17.1~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.17.1~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2017-14100"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2fgw-f9ej-2khk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81482?format=json","vulnerability_id":"VCID-2gyd-ta4s-nuhq","summary":"chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by closing a connection in off-hook mode.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2948","reference_id":"","reference_type":"","scores":[{"value":"0.03932","scoring_system":"epss","scoring_elements":"0.88522","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2948"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2948","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2948"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=675210","reference_id":"675210","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=675210"},{"reference_url":"https://security.gentoo.org/glsa/201206-05","reference_id":"GLSA-201206-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-05"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339438?format=json","purl":"pkg:deb/debian/asterisk@1:1.8.13.0~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.8.13.0~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2012-2948"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2gyd-ta4s-nuhq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61425?format=json","vulnerability_id":"VCID-2n6j-2vwn-23cu","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-42491","reference_id":"","reference_type":"","scores":[{"value":"0.00963","scoring_system":"epss","scoring_elements":"0.76833","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-42491"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42491","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42491"},{"reference_url":"https://github.com/asterisk/asterisk/commit/42a2f4ccfa2c7062a15063e765916b3332e34cc4","reference_id":"42a2f4ccfa2c7062a15063e765916b3332e34cc4","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T18:48:24Z/"}],"url":"https://github.com/asterisk/asterisk/commit/42a2f4ccfa2c7062a15063e765916b3332e34cc4"},{"reference_url":"https://github.com/asterisk/asterisk/commit/4f01669c7c41c9184f3cce9a3cf1b2ebf6201742","reference_id":"4f01669c7c41c9184f3cce9a3cf1b2ebf6201742","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T18:48:24Z/"}],"url":"https://github.com/asterisk/asterisk/commit/4f01669c7c41c9184f3cce9a3cf1b2ebf6201742"},{"reference_url":"https://github.com/asterisk/asterisk/commit/50bf8d4d3064930d28ecf1ce3397b14574d514d2","reference_id":"50bf8d4d3064930d28ecf1ce3397b14574d514d2","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T18:48:24Z/"}],"url":"https://github.com/asterisk/asterisk/commit/50bf8d4d3064930d28ecf1ce3397b14574d514d2"},{"reference_url":"https://github.com/asterisk/asterisk/commit/7a0090325bfa9d778a39ae5f7d0a98109e4651c8","reference_id":"7a0090325bfa9d778a39ae5f7d0a98109e4651c8","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T18:48:24Z/"}],"url":"https://github.com/asterisk/asterisk/commit/7a0090325bfa9d778a39ae5f7d0a98109e4651c8"},{"reference_url":"https://github.com/asterisk/asterisk/commit/a15050650abf09c10a3c135fab148220cd41d3a0","reference_id":"a15050650abf09c10a3c135fab148220cd41d3a0","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T18:48:24Z/"}],"url":"https://github.com/asterisk/asterisk/commit/a15050650abf09c10a3c135fab148220cd41d3a0"},{"reference_url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-v428-g3cw-7hv9","reference_id":"GHSA-v428-g3cw-7hv9","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T18:48:24Z/"}],"url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-v428-g3cw-7hv9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339482?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u5?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u5%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339483?format=json","purl":"pkg:deb/debian/asterisk@1:20.9.3~dfsg%2B~cs6.14.60671435-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:20.9.3~dfsg%252B~cs6.14.60671435-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2024-42491"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2n6j-2vwn-23cu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78912?format=json","vulnerability_id":"VCID-2u8a-413w-eufb","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14603","reference_id":"","reference_type":"","scores":[{"value":"0.00747","scoring_system":"epss","scoring_elements":"0.73378","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14603"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14603","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14603"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876328","reference_id":"876328","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876328"},{"reference_url":"https://security.gentoo.org/glsa/201710-29","reference_id":"GLSA-201710-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201710-29"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339450?format=json","purl":"pkg:deb/debian/asterisk@1:13.17.2~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.17.2~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2017-14603"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2u8a-413w-eufb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80293?format=json","vulnerability_id":"VCID-2xxf-t9ck-a7dj","summary":"Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) in Asterisk 1.0.x before 1.0.12 and 1.2.x before 1.2.13, as used by Cisco SCCP phones, allows remote attackers to execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads to a heap-based buffer overflow.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2006-5444","reference_id":"","reference_type":"","scores":[{"value":"0.87055","scoring_system":"epss","scoring_elements":"0.99455","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2006-5444"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5444","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5444"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=395080","reference_id":"395080","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=395080"},{"reference_url":"https://security.gentoo.org/glsa/200610-15","reference_id":"GLSA-200610-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200610-15"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/2597.pl","reference_id":"OSVDB-29972;CVE-2006-5444","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/2597.pl"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339396?format=json","purl":"pkg:deb/debian/asterisk@1:1.2.13~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.2.13~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2006-5444"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2xxf-t9ck-a7dj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80658?format=json","vulnerability_id":"VCID-2z7b-d497-jbb6","summary":"The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (traffic amplification) via an IAX2 FWDOWNL request.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-3264","reference_id":"","reference_type":"","scores":[{"value":"0.07458","scoring_system":"epss","scoring_elements":"0.9188","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-3264"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3264","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3264"},{"reference_url":"https://security.gentoo.org/glsa/200905-01","reference_id":"GLSA-200905-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200905-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339416?format=json","purl":"pkg:deb/debian/asterisk@1:1.4.21.2~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.4.21.2~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2008-3264"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2z7b-d497-jbb6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81187?format=json","vulnerability_id":"VCID-2znv-h5e5-83ba","summary":"chan_sip.c in the SIP channel driver in Asterisk Open Source 1.4.x before 1.4.41.2, 1.6.2.x before 1.6.2.18.2, and 1.8.x before 1.8.4.4, and Asterisk Business Edition C.3.x before C.3.7.3, disregards the alwaysauthreject option and generates different responses for invalid SIP requests depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of requests.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2536","reference_id":"","reference_type":"","scores":[{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40346","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2536"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2536","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2536"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632029","reference_id":"632029","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632029"},{"reference_url":"https://security.gentoo.org/glsa/201110-21","reference_id":"GLSA-201110-21","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201110-21"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339430?format=json","purl":"pkg:deb/debian/asterisk@1:1.8.4.4~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.8.4.4~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2011-2536"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2znv-h5e5-83ba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79000?format=json","vulnerability_id":"VCID-35pt-pmnz-d7ah","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12227","reference_id":"","reference_type":"","scores":[{"value":"0.0106","scoring_system":"epss","scoring_elements":"0.77934","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12227"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12227","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12227"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17281","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17281"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7284","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7284"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7286","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7286"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902954","reference_id":"902954","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902954"},{"reference_url":"https://security.gentoo.org/glsa/201811-11","reference_id":"GLSA-201811-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201811-11"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339456?format=json","purl":"pkg:deb/debian/asterisk@1:13.22.0~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.22.0~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2018-12227"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-35pt-pmnz-d7ah"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78619?format=json","vulnerability_id":"VCID-3ary-4n7t-4uat","summary":"asterisk: HTTP Manager ID is predictable (AST-2008-005)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1390.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1390.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-1390","reference_id":"","reference_type":"","scores":[{"value":"0.03015","scoring_system":"epss","scoring_elements":"0.86833","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-1390"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1390","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1390"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=438131","reference_id":"438131","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=438131"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339414?format=json","purl":"pkg:deb/debian/asterisk@1:1.4.19.1~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.4.19.1~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2008-1390"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3ary-4n7t-4uat"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81193?format=json","vulnerability_id":"VCID-3j5q-cg6c-37ca","summary":"The default configuration of the SIP channel driver in Asterisk Open Source 1.4.x through 1.4.41.2 and 1.6.2.x through 1.6.2.18.2 does not enable the alwaysauthreject option, which allows remote attackers to enumerate account names by making a series of invalid SIP requests and observing the differences in the responses for different usernames, a different vulnerability than CVE-2011-2536.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2666","reference_id":"","reference_type":"","scores":[{"value":"0.0059","scoring_system":"epss","scoring_elements":"0.69494","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2666"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2666","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2666"},{"reference_url":"https://security.gentoo.org/glsa/201110-21","reference_id":"GLSA-201110-21","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201110-21"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339427?format=json","purl":"pkg:deb/debian/asterisk@1:1.8.3.3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.8.3.3-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2011-2666"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3j5q-cg6c-37ca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81481?format=json","vulnerability_id":"VCID-3qtt-h73s-afed","summary":"chan_iax2.c in the IAX2 channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1, when a certain mohinterpret setting is enabled, allows remote attackers to cause a denial of service (daemon crash) by placing a call on hold.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2947","reference_id":"","reference_type":"","scores":[{"value":"0.04301","scoring_system":"epss","scoring_elements":"0.89045","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2947"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2947","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2947"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=675204","reference_id":"675204","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=675204"},{"reference_url":"https://security.gentoo.org/glsa/201206-05","reference_id":"GLSA-201206-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-05"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339438?format=json","purl":"pkg:deb/debian/asterisk@1:1.8.13.0~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.8.13.0~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2012-2947"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3qtt-h73s-afed"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55737?format=json","vulnerability_id":"VCID-3sq8-pd6a-s7gk","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43804","reference_id":"","reference_type":"","scores":[{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53588","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998","reference_id":"1014998","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998"},{"reference_url":"https://security.gentoo.org/glsa/202210-37","reference_id":"GLSA-202210-37","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-37"},{"reference_url":"https://usn.ubuntu.com/6422-1/","reference_id":"USN-6422-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6422-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339468?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339471?format=json","purl":"pkg:deb/debian/asterisk@1:18.12.0~dfsg%2B~cs6.12.40431413-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:18.12.0~dfsg%252B~cs6.12.40431413-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2021-43804"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3sq8-pd6a-s7gk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59778?format=json","vulnerability_id":"VCID-3sxs-zzug-e3dd","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-27585","reference_id":"","reference_type":"","scores":[{"value":"0.00495","scoring_system":"epss","scoring_elements":"0.66037","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-27585"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27585","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27585"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036697","reference_id":"1036697","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036697"},{"reference_url":"https://github.com/pjsip/pjproject/commit/d1c5e4da5bae7f220bc30719888bb389c905c0c5","reference_id":"d1c5e4da5bae7f220bc30719888bb389c905c0c5","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:31:09Z/"}],"url":"https://github.com/pjsip/pjproject/commit/d1c5e4da5bae7f220bc30719888bb389c905c0c5"},{"reference_url":"https://www.debian.org/security/2023/dsa-5438","reference_id":"dsa-5438","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:31:09Z/"}],"url":"https://www.debian.org/security/2023/dsa-5438"},{"reference_url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-p6g5-v97c-w5q4","reference_id":"GHSA-p6g5-v97c-w5q4","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:31:09Z/"}],"url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-p6g5-v97c-w5q4"},{"reference_url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-q9cp-8wcq-7pfr","reference_id":"GHSA-q9cp-8wcq-7pfr","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:31:09Z/"}],"url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-q9cp-8wcq-7pfr"},{"reference_url":"https://security.gentoo.org/glsa/202409-05","reference_id":"GLSA-202409-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202409-05"},{"reference_url":"https://www.pjsip.org/pjlib-util/docs/html/group__PJ__DNS__RESOLVER.htm","reference_id":"group__PJ__DNS__RESOLVER.htm","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:31:09Z/"}],"url":"https://www.pjsip.org/pjlib-util/docs/html/group__PJ__DNS__RESOLVER.htm"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/04/msg00020.html","reference_id":"msg00020.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:31:09Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/04/msg00020.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html","reference_id":"msg00038.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:31:09Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html"},{"reference_url":"https://usn.ubuntu.com/6422-1/","reference_id":"USN-6422-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6422-1/"},{"reference_url":"https://usn.ubuntu.com/6422-2/","reference_id":"USN-6422-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6422-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339479?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339474?format=json","purl":"pkg:deb/debian/asterisk@1:20.4.0~dfsg%2B~cs6.13.40431414-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:20.4.0~dfsg%252B~cs6.13.40431414-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2023-27585"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3sxs-zzug-e3dd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80414?format=json","vulnerability_id":"VCID-4278-jnsa-byd6","summary":"The channel driver in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP INVITE message with an SDP containing one valid and one invalid IP address.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-1561","reference_id":"","reference_type":"","scores":[{"value":"0.20671","scoring_system":"epss","scoring_elements":"0.95688","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-1561"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1561","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1561"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=415466","reference_id":"415466","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=415466"},{"reference_url":"https://security.gentoo.org/glsa/200704-01","reference_id":"GLSA-200704-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200704-01"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/3566.pl","reference_id":"OSVDB-34479;CVE-2007-1561","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/3566.pl"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339398?format=json","purl":"pkg:deb/debian/asterisk@1:1.4.2~dfsg-5?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.4.2~dfsg-5%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2007-1561"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4278-jnsa-byd6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58645?format=json","vulnerability_id":"VCID-4apf-xu3j-puaz","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-26713","reference_id":"","reference_type":"","scores":[{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43709","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-26713"},{"reference_url":"https://security.gentoo.org/glsa/202412-03","reference_id":"GLSA-202412-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339408?format=json","purl":"pkg:deb/debian/asterisk@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2021-26713"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4apf-xu3j-puaz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81904?format=json","vulnerability_id":"VCID-4fy9-fsdz-vydu","summary":"ConfBridge in Asterisk 11.x before 11.14.1 and Certified Asterisk 11.6 before 11.6-cert8 does not properly handle state changes, which allows remote attackers to cause a denial of service (channel hang and memory consumption) by causing transitions to be delayed, which triggers a state change from hung up to waiting for media.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8414","reference_id":"","reference_type":"","scores":[{"value":"0.01902","scoring_system":"epss","scoring_elements":"0.83551","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8414"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8414","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8414"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771463","reference_id":"771463","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771463"},{"reference_url":"https://security.gentoo.org/glsa/201412-51","reference_id":"GLSA-201412-51","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-51"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339445?format=json","purl":"pkg:deb/debian/asterisk@1:13.1.0~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.1.0~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2014-8414"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4fy9-fsdz-vydu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52932?format=json","vulnerability_id":"VCID-4kz7-yjas-sbc7","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24792","reference_id":"","reference_type":"","scores":[{"value":"0.01612","scoring_system":"epss","scoring_elements":"0.82077","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014976","reference_id":"1014976","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014976"},{"reference_url":"https://github.com/pjsip/pjproject/commit/947bc1ee6d05be10204b918df75a503415fd3213","reference_id":"947bc1ee6d05be10204b918df75a503415fd3213","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:55:19Z/"}],"url":"https://github.com/pjsip/pjproject/commit/947bc1ee6d05be10204b918df75a503415fd3213"},{"reference_url":"https://www.debian.org/security/2022/dsa-5285","reference_id":"dsa-5285","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:55:19Z/"}],"url":"https://www.debian.org/security/2022/dsa-5285"},{"reference_url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-rwgw-vwxg-q799","reference_id":"GHSA-rwgw-vwxg-q799","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:55:19Z/"}],"url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-rwgw-vwxg-q799"},{"reference_url":"https://security.gentoo.org/glsa/202210-37","reference_id":"GLSA-202210-37","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:55:19Z/"}],"url":"https://security.gentoo.org/glsa/202210-37"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html","reference_id":"msg00021.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:55:19Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00047.html","reference_id":"msg00047.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:55:19Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00047.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339468?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339475?format=json","purl":"pkg:deb/debian/asterisk@1:18.14.0~~rc1~dfsg%2B~cs6.12.40431414-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:18.14.0~~rc1~dfsg%252B~cs6.12.40431414-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2022-24792"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4kz7-yjas-sbc7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54495?format=json","vulnerability_id":"VCID-4x41-u9ak-xkee","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12827","reference_id":"","reference_type":"","scores":[{"value":"0.1959","scoring_system":"epss","scoring_elements":"0.95515","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12827"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12827","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12827"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931980","reference_id":"931980","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931980"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339459?format=json","purl":"pkg:deb/debian/asterisk@1:16.2.1~dfsg-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.2.1~dfsg-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2019-12827"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4x41-u9ak-xkee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71286?format=json","vulnerability_id":"VCID-52sm-w418-dfb3","summary":"several","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-5642","reference_id":"","reference_type":"","scores":[{"value":"0.05078","scoring_system":"epss","scoring_elements":"0.8994","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-5642"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5641","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5641"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5642","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5642"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721220","reference_id":"721220","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721220"},{"reference_url":"https://security.gentoo.org/glsa/201401-15","reference_id":"GLSA-201401-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201401-15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339440?format=json","purl":"pkg:deb/debian/asterisk@1:11.5.1~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:11.5.1~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2013-5642"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-52sm-w418-dfb3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/89625?format=json","vulnerability_id":"VCID-58dv-5kdf-nka1","summary":"An issue was discovered in Asterisk Open Source 13.12.x and 13.13.x before 13.13.1 and 14.x before 14.2.1. If an SDP offer or answer is received with the Opus codec and with the format parameters separated using a space the code responsible for parsing will recursively call itself until it crashes. This occurs as the code does not properly handle spaces separating the parameters. This does NOT require the endpoint to have Opus configured in Asterisk. This also does not require the endpoint to be authenticated. If guest is enabled for chan_sip or anonymous in chan_pjsip an SDP offer or answer is still processed and the crash occurs.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9937","reference_id":"","reference_type":"","scores":[{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.5715","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9937"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339408?format=json","purl":"pkg:deb/debian/asterisk@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2016-9937"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-58dv-5kdf-nka1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78908?format=json","vulnerability_id":"VCID-59nk-y2rx-jbhf","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14099","reference_id":"","reference_type":"","scores":[{"value":"0.00368","scoring_system":"epss","scoring_elements":"0.58955","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14099"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14099","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14099"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14100","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14100"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873907","reference_id":"873907","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873907"},{"reference_url":"https://security.gentoo.org/glsa/201710-29","reference_id":"GLSA-201710-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201710-29"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339449?format=json","purl":"pkg:deb/debian/asterisk@1:13.17.1~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.17.1~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2017-14099"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-59nk-y2rx-jbhf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80638?format=json","vulnerability_id":"VCID-5myw-m4jg-1few","summary":"Asterisk Open Source 1.0.x and 1.2.x before 1.2.29 and Business Edition A.x.x and B.x.x before B.2.5.3, when pedantic parsing (aka pedanticsipchecking) is enabled, allows remote attackers to cause a denial of service (daemon crash) via a SIP INVITE message that lacks a From header, related to invocations of the ast_uri_decode function, and improper handling of (1) an empty const string and (2) a NULL pointer.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-2119","reference_id":"","reference_type":"","scores":[{"value":"0.10134","scoring_system":"epss","scoring_elements":"0.93222","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-2119"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2119","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2119"},{"reference_url":"https://security.gentoo.org/glsa/200905-01","reference_id":"GLSA-200905-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200905-01"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/5749.pl","reference_id":"OSVDB-46014;CVE-2008-2119","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/5749.pl"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339415?format=json","purl":"pkg:deb/debian/asterisk@1.4?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1.4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2008-2119"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5myw-m4jg-1few"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61113?format=json","vulnerability_id":"VCID-5qst-5wmy-8fhy","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-37325","reference_id":"","reference_type":"","scores":[{"value":"0.0068","scoring_system":"epss","scoring_elements":"0.71922","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-37325"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706"},{"reference_url":"https://downloads.asterisk.org/pub/security/AST-2022-007.html","reference_id":"AST-2022-007.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:38:25Z/"}],"url":"https://downloads.asterisk.org/pub/security/AST-2022-007.html"},{"reference_url":"https://www.debian.org/security/2023/dsa-5358","reference_id":"dsa-5358","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:38:25Z/"}],"url":"https://www.debian.org/security/2023/dsa-5358"},{"reference_url":"https://security.gentoo.org/glsa/202412-03","reference_id":"GLSA-202412-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-03"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html","reference_id":"msg00029.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:38:25Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339473?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339477?format=json","purl":"pkg:deb/debian/asterisk@1:20.0.1~dfsg%2B~cs6.12.40431414-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:20.0.1~dfsg%252B~cs6.12.40431414-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2022-37325"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5qst-5wmy-8fhy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81136?format=json","vulnerability_id":"VCID-5z33-txfx-6bce","summary":"Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 do not restrict the number of unauthenticated sessions to certain interfaces, which allows remote attackers to cause a denial of service (file descriptor exhaustion and disk space exhaustion) via a series of TCP connections.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1507","reference_id":"","reference_type":"","scores":[{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34786","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1507"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1507","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1507"},{"reference_url":"https://security.gentoo.org/glsa/201110-21","reference_id":"GLSA-201110-21","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201110-21"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339427?format=json","purl":"pkg:deb/debian/asterisk@1:1.8.3.3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.8.3.3-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2011-1507"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5z33-txfx-6bce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80440?format=json","vulnerability_id":"VCID-62kq-8qcn-yba6","summary":"The Manager Interface in Asterisk before 1.2.18 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (crash) by using MD5 authentication to authenticate a user that does not have a password defined in manager.conf, resulting in a NULL pointer dereference.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-2294","reference_id":"","reference_type":"","scores":[{"value":"0.05909","scoring_system":"epss","scoring_elements":"0.90746","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-2294"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2294","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2294"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339400?format=json","purl":"pkg:deb/debian/asterisk@1:1.4.3~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.4.3~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2007-2294"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-62kq-8qcn-yba6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74664?format=json","vulnerability_id":"VCID-637n-um64-7bfz","summary":"asterisk: remote crash in SIP channel driver (AST-2009-002)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0871.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0871.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0871","reference_id":"","reference_type":"","scores":[{"value":"0.02947","scoring_system":"epss","scoring_elements":"0.86683","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0871"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=489725","reference_id":"489725","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=489725"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339408?format=json","purl":"pkg:deb/debian/asterisk@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2009-0871"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-637n-um64-7bfz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/60703?format=json","vulnerability_id":"VCID-67xa-jnpj-87gs","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-42706","reference_id":"","reference_type":"","scores":[{"value":"0.0081","scoring_system":"epss","scoring_elements":"0.74527","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-42706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706"},{"reference_url":"https://downloads.asterisk.org/pub/security/AST-2022-009.html","reference_id":"AST-2022-009.html","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:23:22Z/"}],"url":"https://downloads.asterisk.org/pub/security/AST-2022-009.html"},{"reference_url":"https://www.debian.org/security/2023/dsa-5358","reference_id":"dsa-5358","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:23:22Z/"}],"url":"https://www.debian.org/security/2023/dsa-5358"},{"reference_url":"https://security.gentoo.org/glsa/202412-03","reference_id":"GLSA-202412-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-03"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html","reference_id":"msg00029.html","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:23:22Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339473?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339477?format=json","purl":"pkg:deb/debian/asterisk@1:20.0.1~dfsg%2B~cs6.12.40431414-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:20.0.1~dfsg%252B~cs6.12.40431414-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2022-42706"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-67xa-jnpj-87gs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78652?format=json","vulnerability_id":"VCID-6c2s-3d5y-xyft","summary":"asterisk: SIP valid account enumeration flaw","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3903.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3903.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-3903","reference_id":"","reference_type":"","scores":[{"value":"0.00731","scoring_system":"epss","scoring_elements":"0.7301","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-3903"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3903","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3903"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=461271","reference_id":"461271","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=461271"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=522528","reference_id":"522528","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=522528"},{"reference_url":"https://security.gentoo.org/glsa/200905-01","reference_id":"GLSA-200905-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200905-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339417?format=json","purl":"pkg:deb/debian/asterisk@1:1.6.1.0~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.6.1.0~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2008-3903"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6c2s-3d5y-xyft"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80415?format=json","vulnerability_id":"VCID-6f27-bqb3-1bg5","summary":"The Asterisk Extension Language (AEL) in pbx/pbx_ael.c in Asterisk does not properly generate extensions, which allows remote attackers to execute arbitrary extensions and have an unknown impact by specifying an invalid extension in a certain form.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-1595","reference_id":"","reference_type":"","scores":[{"value":"0.00848","scoring_system":"epss","scoring_elements":"0.75156","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-1595"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1595","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1595"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339399?format=json","purl":"pkg:deb/debian/asterisk@1:1.4.0~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.4.0~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2007-1595"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6f27-bqb3-1bg5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80580?format=json","vulnerability_id":"VCID-6f8u-n8g1-nyeg","summary":"Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and Business Edition B.x.x before B.2.3.6 and C.x.x before C.1.0-beta8, when using database-based registrations (\"realtime\") and host-based authentication, does not check the IP address when the username is correct and there is no password, which allows remote attackers to bypass authentication using a valid username.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-6430","reference_id":"","reference_type":"","scores":[{"value":"0.00659","scoring_system":"epss","scoring_elements":"0.7142","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-6430"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6430","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6430"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457063","reference_id":"457063","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457063"},{"reference_url":"https://security.gentoo.org/glsa/200804-13","reference_id":"GLSA-200804-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200804-13"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339411?format=json","purl":"pkg:deb/debian/asterisk@1:1.4.16.2~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.4.16.2~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2007-6430"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6f8u-n8g1-nyeg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63330?format=json","vulnerability_id":"VCID-6fm4-haca-cydr","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43299","reference_id":"","reference_type":"","scores":[{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59553","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998","reference_id":"1014998","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998"},{"reference_url":"https://usn.ubuntu.com/6422-1/","reference_id":"USN-6422-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6422-1/"},{"reference_url":"https://usn.ubuntu.com/8122-1/","reference_id":"USN-8122-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8122-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339468?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339470?format=json","purl":"pkg:deb/debian/asterisk@1:18.11.1~dfsg%2B~cs6.10.40431413-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:18.11.1~dfsg%252B~cs6.10.40431413-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2021-43299"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6fm4-haca-cydr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81296?format=json","vulnerability_id":"VCID-6qrf-j2tj-pkbg","summary":"The handle_request_info function in channels/chan_sip.c in Asterisk Open Source 1.6.2.x before 1.6.2.21 and 1.8.x before 1.8.7.2, when automon is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted sequence of SIP requests.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4598","reference_id":"","reference_type":"","scores":[{"value":"0.00634","scoring_system":"epss","scoring_elements":"0.70713","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4598"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4598","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4598"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=651552","reference_id":"651552","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=651552"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339433?format=json","purl":"pkg:deb/debian/asterisk@1:1.8.8.0~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.8.8.0~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2011-4598"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6qrf-j2tj-pkbg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81192?format=json","vulnerability_id":"VCID-6swb-auc8-pygr","summary":"reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.4.3 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a SIP packet with a Contact header that lacks a < (less than) character.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2665","reference_id":"","reference_type":"","scores":[{"value":"0.02315","scoring_system":"epss","scoring_elements":"0.85042","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2665"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2665","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2665"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631445","reference_id":"631445","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631445"},{"reference_url":"https://security.gentoo.org/glsa/201110-21","reference_id":"GLSA-201110-21","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201110-21"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339429?format=json","purl":"pkg:deb/debian/asterisk@1:1.8.4.3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.8.4.3-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2011-2665"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6swb-auc8-pygr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79001?format=json","vulnerability_id":"VCID-6xwa-84z9-gkdt","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-17281","reference_id":"","reference_type":"","scores":[{"value":"0.80258","scoring_system":"epss","scoring_elements":"0.99142","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-17281"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12227","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12227"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17281","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17281"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7284","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7284"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7286","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7286"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909554","reference_id":"909554","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909554"},{"reference_url":"https://security.gentoo.org/glsa/201811-11","reference_id":"GLSA-201811-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201811-11"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339457?format=json","purl":"pkg:deb/debian/asterisk@1:13.23.1~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.23.1~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2018-17281"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6xwa-84z9-gkdt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80394?format=json","vulnerability_id":"VCID-7bc7-k654-akby","summary":"Asterisk 1.4 before 1.4.1 and 1.2 before 1.2.16 allows remote attackers to cause a denial of service (crash) by sending a Session Initiation Protocol (SIP) packet without a URI and SIP-version header, which results in a NULL pointer dereference.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-1306","reference_id":"","reference_type":"","scores":[{"value":"0.197","scoring_system":"epss","scoring_elements":"0.95535","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-1306"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1306","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1306"},{"reference_url":"https://security.gentoo.org/glsa/200703-14","reference_id":"GLSA-200703-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200703-14"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/3407.c","reference_id":"OSVDB-33888;CVE-2007-1306","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/3407.c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339397?format=json","purl":"pkg:deb/debian/asterisk@1:1.2.16~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.2.16~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2007-1306"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7bc7-k654-akby"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81858?format=json","vulnerability_id":"VCID-7r1a-5ar4-jfcf","summary":"Asterisk Open Source 1.8.x before 1.8.28.1, 11.x before 11.10.1, and 12.x before 12.3.1 and Certified Asterisk 1.8.15 before 1.8.15-cert6 and 11.6 before 11.6-cert3 allows remote attackers to cause a denial of service (connection consumption) via a large number of (1) inactive or (2) incomplete HTTP connections.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-4047","reference_id":"","reference_type":"","scores":[{"value":"0.03038","scoring_system":"epss","scoring_elements":"0.86896","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-4047"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4047","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4047"},{"reference_url":"https://security.gentoo.org/glsa/201406-25","reference_id":"GLSA-201406-25","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201406-25"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339443?format=json","purl":"pkg:deb/debian/asterisk@1:11.10.2~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:11.10.2~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2014-4047"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7r1a-5ar4-jfcf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64036?format=json","vulnerability_id":"VCID-7uxm-rubg-mbdq","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-39269","reference_id":"","reference_type":"","scores":[{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.37917","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-39269"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032092","reference_id":"1032092","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032092"},{"reference_url":"https://security.gentoo.org/glsa/202210-37","reference_id":"GLSA-202210-37","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-37"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339473?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339478?format=json","purl":"pkg:deb/debian/asterisk@1:20.3.0~dfsg%2B~cs6.13.40431413-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:20.3.0~dfsg%252B~cs6.13.40431413-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2022-39269"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7uxm-rubg-mbdq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81368?format=json","vulnerability_id":"VCID-8e1f-41mn-3bh4","summary":"chan_sip.c in Asterisk Open Source 1.8.x before 1.8.8.2 and 10.x before 10.0.1, when the res_srtp module is used and media support is improperly configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted SDP message with a crypto attribute and a (1) video or (2) text media type, as demonstrated by CSipSimple.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0885","reference_id":"","reference_type":"","scores":[{"value":"0.01057","scoring_system":"epss","scoring_elements":"0.77906","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0885"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0885","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0885"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=656596","reference_id":"656596","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=656596"},{"reference_url":"https://security.gentoo.org/glsa/201202-06","reference_id":"GLSA-201202-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201202-06"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339434?format=json","purl":"pkg:deb/debian/asterisk@1:1.8.8.2~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.8.8.2~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2012-0885"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8e1f-41mn-3bh4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75590?format=json","vulnerability_id":"VCID-8hf1-hkj1-vffb","summary":"FrameWork: XSS Ajax requests (AST-2009-009)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-7220.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-7220.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-7220","reference_id":"","reference_type":"","scores":[{"value":"0.10024","scoring_system":"epss","scoring_elements":"0.93184","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-7220"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7220","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7220"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=523277","reference_id":"523277","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=523277"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555220","reference_id":"555220","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555220"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555221","reference_id":"555221","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555221"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555242","reference_id":"555242","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555242"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555244","reference_id":"555244","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555244"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555250","reference_id":"555250","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555250"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555255","reference_id":"555255","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555255"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555259","reference_id":"555259","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555259"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555266","reference_id":"555266","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555266"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558977","reference_id":"558977","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558977"},{"reference_url":"https://security.gentoo.org/glsa/201006-20","reference_id":"GLSA-201006-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201006-20"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339402?format=json","purl":"pkg:deb/debian/asterisk@1:1.6.2.0~rc3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.6.2.0~rc3-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2008-7220"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8hf1-hkj1-vffb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/89623?format=json","vulnerability_id":"VCID-8j3f-r3ze-yygu","summary":"The PJSIP Channel Driver in Asterisk Open Source before 12.3.1 allows remote attackers to cause a denial of service (deadlock) by terminating a subscription request before it is complete, which triggers a SIP transaction timeout.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-4048","reference_id":"","reference_type":"","scores":[{"value":"0.01637","scoring_system":"epss","scoring_elements":"0.82234","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-4048"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339408?format=json","purl":"pkg:deb/debian/asterisk@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2014-4048"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8j3f-r3ze-yygu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80745?format=json","vulnerability_id":"VCID-8t58-6hnp-dyhh","summary":"Asterisk Open Source 1.2.26 through 1.2.30.3 and Business Edition B.2.3.5 through B.2.5.5, when realtime IAX2 users are enabled, allows remote attackers to cause a denial of service (crash) via authentication attempts involving (1) an unknown user or (2) a user using hostname matching.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5558","reference_id":"","reference_type":"","scores":[{"value":"0.02263","scoring_system":"epss","scoring_elements":"0.84893","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5558"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5558","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5558"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=509686","reference_id":"509686","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=509686"},{"reference_url":"https://security.gentoo.org/glsa/200905-01","reference_id":"GLSA-200905-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200905-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339399?format=json","purl":"pkg:deb/debian/asterisk@1:1.4.0~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.4.0~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2008-5558"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8t58-6hnp-dyhh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54150?format=json","vulnerability_id":"VCID-8vde-2bve-qfek","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-35190","reference_id":"","reference_type":"","scores":[{"value":"0.00183","scoring_system":"epss","scoring_elements":"0.3975","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-35190"},{"reference_url":"https://github.com/asterisk/asterisk/pull/600","reference_id":"600","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-17T19:33:53Z/"}],"url":"https://github.com/asterisk/asterisk/pull/600"},{"reference_url":"https://github.com/asterisk/asterisk/pull/602","reference_id":"602","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-17T19:33:53Z/"}],"url":"https://github.com/asterisk/asterisk/pull/602"},{"reference_url":"https://github.com/asterisk/asterisk/commit/85241bd22936cc15760fd1f65d16c98be7aeaf6d","reference_id":"85241bd22936cc15760fd1f65d16c98be7aeaf6d","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-17T19:33:53Z/"}],"url":"https://github.com/asterisk/asterisk/commit/85241bd22936cc15760fd1f65d16c98be7aeaf6d"},{"reference_url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-qqxj-v78h-hrf9","reference_id":"GHSA-qqxj-v78h-hrf9","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-17T19:33:53Z/"}],"url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-qqxj-v78h-hrf9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339408?format=json","purl":"pkg:deb/debian/asterisk@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2024-35190"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8vde-2bve-qfek"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/89626?format=json","vulnerability_id":"VCID-8zwv-ea4b-1kgr","summary":"An issue was discovered in Asterisk Open Source 15.x before 15.4.1. When connected to Asterisk via TCP/TLS, if the client abruptly disconnects, or sends a specially crafted message, then Asterisk gets caught in an infinite loop while trying to read the data stream. This renders the system unusable.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12228","reference_id":"","reference_type":"","scores":[{"value":"0.00422","scoring_system":"epss","scoring_elements":"0.62352","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12228"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339408?format=json","purl":"pkg:deb/debian/asterisk@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2018-12228"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8zwv-ea4b-1kgr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81121?format=json","vulnerability_id":"VCID-93p3-29pk-kkhm","summary":"Multiple stack-based and heap-based buffer overflows in the (1) decode_open_type and (2) udptl_rx_packet functions in main/udptl.c in Asterisk Open Source 1.4.x before 1.4.39.2, 1.6.1.x before 1.6.1.22, 1.6.2.x before 1.6.2.16.2, and 1.8 before 1.8.2.4; Business Edition C.x.x before C.3.6.3; AsteriskNOW 1.5; and s800i (Asterisk Appliance), when T.38 support is enabled, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UDPTL packet.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1147","reference_id":"","reference_type":"","scores":[{"value":"0.0342","scoring_system":"epss","scoring_elements":"0.8765","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1147"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1147","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1147"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614580","reference_id":"614580","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614580"},{"reference_url":"https://security.gentoo.org/glsa/201110-21","reference_id":"GLSA-201110-21","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201110-21"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339427?format=json","purl":"pkg:deb/debian/asterisk@1:1.8.3.3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.8.3.3-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2011-1147"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-93p3-29pk-kkhm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81888?format=json","vulnerability_id":"VCID-9a88-mws1-k3dk","summary":"Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and Certified Asterisk 11.6 before 11.6-cert6, when using the res_fax_spandsp module, allows remote authenticated users to cause a denial of service (crash) via an out of call message, which is not properly handled in the ReceiveFax dialplan application.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-6610","reference_id":"","reference_type":"","scores":[{"value":"0.01519","scoring_system":"epss","scoring_elements":"0.81541","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-6610"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6610","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6610"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762164","reference_id":"762164","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762164"},{"reference_url":"https://security.gentoo.org/glsa/201411-10","reference_id":"GLSA-201411-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201411-10"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339444?format=json","purl":"pkg:deb/debian/asterisk@1:11.12.1~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:11.12.1~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2014-6610"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9a88-mws1-k3dk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81393?format=json","vulnerability_id":"VCID-9bs1-zeq7-jfaa","summary":"Stack-based buffer overflow in the ast_parse_digest function in main/utils.c in Asterisk 1.8.x before 1.8.10.1 and 10.x before 10.2.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in an HTTP Digest Authentication header.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1184","reference_id":"","reference_type":"","scores":[{"value":"0.37421","scoring_system":"epss","scoring_elements":"0.97256","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1184"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1184","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1184"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=664411","reference_id":"664411","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=664411"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/18855.txt","reference_id":"CVE-2012-1184;OSVDB-80126","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/18855.txt"},{"reference_url":"https://security.gentoo.org/glsa/201203-21","reference_id":"GLSA-201203-21","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201203-21"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339435?format=json","purl":"pkg:deb/debian/asterisk@1:1.8.10.0~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.8.10.0~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2012-1184"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9bs1-zeq7-jfaa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84311?format=json","vulnerability_id":"VCID-9d1k-5q7h-eygy","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-46837","reference_id":"","reference_type":"","scores":[{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.3264","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-46837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018073","reference_id":"1018073","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018073"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339468?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339472?format=json","purl":"pkg:deb/debian/asterisk@1:18.9.0~dfsg%2B~cs6.10.40431411-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:18.9.0~dfsg%252B~cs6.10.40431411-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2021-46837"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9d1k-5q7h-eygy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74206?format=json","vulnerability_id":"VCID-9hy7-11uc-ekdj","summary":"asterisk: remote DoS on receipt of malformed RTP text frames","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2651.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2651.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2651","reference_id":"","reference_type":"","scores":[{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.2175","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2651"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2651"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=514953","reference_id":"514953","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=514953"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=539473","reference_id":"539473","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=539473"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339420?format=json","purl":"pkg:deb/debian/asterisk@1:1.6.2.0~dfsg~rc1-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.6.2.0~dfsg~rc1-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2009-2651"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9hy7-11uc-ekdj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/82544?format=json","vulnerability_id":"VCID-9r8k-em1c-rbep","summary":"An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and the PJSIP channel driver was used, Asterisk would crash. The severity of this vulnerability is somewhat mitigated if authentication is enabled. If authentication is enabled, a user would have to first be authorized before reaching the crash point.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-17850","reference_id":"","reference_type":"","scores":[{"value":"0.29958","scoring_system":"epss","scoring_elements":"0.96736","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-17850"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17850","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17850"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885072","reference_id":"885072","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885072"},{"reference_url":"https://security.gentoo.org/glsa/201811-11","reference_id":"GLSA-201811-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201811-11"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339453?format=json","purl":"pkg:deb/debian/asterisk@1:13.18.5~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.18.5~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2017-17850"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9r8k-em1c-rbep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80572?format=json","vulnerability_id":"VCID-9t5p-up39-2qcs","summary":"SQL injection vulnerability in the Call Detail Record Postgres logging engine (cdr_pgsql) in Asterisk 1.4.x before 1.4.15, 1.2.x before 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL commands via (1) ANI and (2) DNIS arguments.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-6170","reference_id":"","reference_type":"","scores":[{"value":"0.00367","scoring_system":"epss","scoring_elements":"0.58875","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-6170"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6170","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6170"},{"reference_url":"https://security.gentoo.org/glsa/200804-13","reference_id":"GLSA-200804-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200804-13"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339410?format=json","purl":"pkg:deb/debian/asterisk@1:1.4.15~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.4.15~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2007-6170"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9t5p-up39-2qcs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10240?format=json","vulnerability_id":"VCID-9zza-5utn-3bd4","summary":"Asterisk: Asterisk: Arbitrary code execution and file overwrite as root via insecure ast_coredumper file handling","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23740.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23740.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23740","reference_id":"","reference_type":"","scores":[{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03943","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23740"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23740","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23740"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127438","reference_id":"1127438","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127438"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2437723","reference_id":"2437723","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2437723"},{"reference_url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-xpc6-x892-v83c","reference_id":"GHSA-xpc6-x892-v83c","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N"},{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-06T19:11:52Z/"}],"url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-xpc6-x892-v83c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339493?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u9?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u9%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339494?format=json","purl":"pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2026-23740"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9zza-5utn-3bd4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53133?format=json","vulnerability_id":"VCID-aab3-vkqd-xugq","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-26498","reference_id":"","reference_type":"","scores":[{"value":"0.00769","scoring_system":"epss","scoring_elements":"0.73816","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-26498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651"},{"reference_url":"https://security.gentoo.org/glsa/202412-03","reference_id":"GLSA-202412-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339468?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339476?format=json","purl":"pkg:deb/debian/asterisk@1:18.11.2~dfsg%2B~cs6.10.40431413-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:18.11.2~dfsg%252B~cs6.10.40431413-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2022-26498"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aab3-vkqd-xugq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58279?format=json","vulnerability_id":"VCID-ac5u-zapr-jkhv","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43302","reference_id":"","reference_type":"","scores":[{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55363","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998","reference_id":"1014998","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998"},{"reference_url":"https://usn.ubuntu.com/6422-1/","reference_id":"USN-6422-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6422-1/"},{"reference_url":"https://usn.ubuntu.com/8122-1/","reference_id":"USN-8122-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8122-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339468?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339470?format=json","purl":"pkg:deb/debian/asterisk@1:18.11.1~dfsg%2B~cs6.10.40431413-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:18.11.1~dfsg%252B~cs6.10.40431413-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2021-43302"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ac5u-zapr-jkhv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53890?format=json","vulnerability_id":"VCID-afrg-g4hu-43aj","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18610","reference_id":"","reference_type":"","scores":[{"value":"0.41891","scoring_system":"epss","scoring_elements":"0.97491","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18610"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18610","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18610"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947377","reference_id":"947377","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947377"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339460?format=json","purl":"pkg:deb/debian/asterisk@1:16.10.0~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.10.0~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2019-18610"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-afrg-g4hu-43aj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/89005?format=json","vulnerability_id":"VCID-agdf-v24e-zfcj","summary":"Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to arbitrary code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-57767","reference_id":"","reference_type":"","scores":[{"value":"0.00161","scoring_system":"epss","scoring_elements":"0.36777","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-57767"},{"reference_url":"https://github.com/asterisk/asterisk/commit/02993717b08f899d4aca9888062f35dfb198584f","reference_id":"02993717b08f899d4aca9888062f35dfb198584f","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-28T17:12:27Z/"}],"url":"https://github.com/asterisk/asterisk/commit/02993717b08f899d4aca9888062f35dfb198584f"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112470","reference_id":"1112470","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112470"},{"reference_url":"https://github.com/asterisk/asterisk/pull/1407","reference_id":"1407","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-28T17:12:27Z/"}],"url":"https://github.com/asterisk/asterisk/pull/1407"},{"reference_url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-64qc-9x89-rx5j","reference_id":"GHSA-64qc-9x89-rx5j","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-28T17:12:27Z/"}],"url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-64qc-9x89-rx5j"},{"reference_url":"https://security.gentoo.org/glsa/202601-04","reference_id":"GLSA-202601-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202601-04"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339408?format=json","purl":"pkg:deb/debian/asterisk@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339492?format=json","purl":"pkg:deb/debian/asterisk@1:22.5.2~dfsg%2B~cs6.15.60671435-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.5.2~dfsg%252B~cs6.15.60671435-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2025-57767"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-agdf-v24e-zfcj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/86417?format=json","vulnerability_id":"VCID-and4-m6yw-yua9","summary":"Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, SIP requests of the type MESSAGE (RFC 3428) authentication do not get proper alignment. An authenticated attacker can spoof any user identity to send spam messages to the user with their authorization token. Abuse of this security issue allows authenticated attackers to send fake chat messages can be spoofed to appear to come from trusted entities. Even administrators who follow Security best practices and Security Considerations can be impacted. Therefore, abuse can lead to spam and enable social engineering, phishing and similar attacks. Versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk fix the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-47779","reference_id":"","reference_type":"","scores":[{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51517","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-47779"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47779","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47779"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106528","reference_id":"1106528","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106528"},{"reference_url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-2grh-7mhv-fcfw","reference_id":"GHSA-2grh-7mhv-fcfw","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-22T17:25:58Z/"}],"url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-2grh-7mhv-fcfw"},{"reference_url":"https://github.com/asterisk/asterisk/blob/master/configs/samples/pjsip.conf.sample","reference_id":"pjsip.conf.sample","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-22T17:25:58Z/"}],"url":"https://github.com/asterisk/asterisk/blob/master/configs/samples/pjsip.conf.sample"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339489?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u7?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u7%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339490?format=json","purl":"pkg:deb/debian/asterisk@1:22.4.1~dfsg%2B~cs6.15.60671435-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.4.1~dfsg%252B~cs6.15.60671435-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2025-47779"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-and4-m6yw-yua9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/86213?format=json","vulnerability_id":"VCID-aqzr-xqpk-83fw","summary":"A local privilege escalation vulnerability exists in the safe_asterisk script included with the Asterisk toolkit package. When Asterisk is started via this script (common in SysV init or FreePBX environments), it sources all .sh files located in /etc/asterisk/startup.d/ as root, without validating ownership or permissions.   Non-root users with legitimate write access to /etc/asterisk can exploit this behaviour by placing malicious scripts in the startup.d directory, which will then execute with root privileges upon service restart.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-1131","reference_id":"","reference_type":"","scores":[{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.167","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-1131"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1131","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1131"},{"reference_url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-v9q8-9j8m-5xwp","reference_id":"GHSA-v9q8-9j8m-5xwp","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:N/V:C/RE:H/U:Amber"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-09-24T03:55:15Z/"}],"url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-v9q8-9j8m-5xwp"},{"reference_url":"https://security.gentoo.org/glsa/202601-04","reference_id":"GLSA-202601-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202601-04"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339487?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u8?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u8%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339488?format=json","purl":"pkg:deb/debian/asterisk@1:22.5.1~dfsg%2B~cs6.15.60671435-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.5.1~dfsg%252B~cs6.15.60671435-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2025-1131"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aqzr-xqpk-83fw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80657?format=json","vulnerability_id":"VCID-ar64-v7yh-fug4","summary":"The IAX2 protocol implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (call-number exhaustion and CPU consumption) by quickly sending a large number of IAX2 (IAX) POKE requests.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-3263","reference_id":"","reference_type":"","scores":[{"value":"0.36096","scoring_system":"epss","scoring_elements":"0.97174","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-3263"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3263","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3263"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/32095.pl","reference_id":"CVE-2008-3263;OSVDB-47253","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/32095.pl"},{"reference_url":"https://www.securityfocus.com/bid/30321/info","reference_id":"CVE-2008-3263;OSVDB-47253","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/30321/info"},{"reference_url":"https://security.gentoo.org/glsa/200905-01","reference_id":"GLSA-200905-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200905-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339416?format=json","purl":"pkg:deb/debian/asterisk@1:1.4.21.2~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.4.21.2~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2008-3263"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ar64-v7yh-fug4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79144?format=json","vulnerability_id":"VCID-auhz-ddkv-nkhe","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7551","reference_id":"","reference_type":"","scores":[{"value":"0.0663","scoring_system":"epss","scoring_elements":"0.91336","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7551"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3008","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3008"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2232","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2316","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2316"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7551","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7551"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838832","reference_id":"838832","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838832"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339447?format=json","purl":"pkg:deb/debian/asterisk@1:13.11.2~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.11.2~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2016-7551"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-auhz-ddkv-nkhe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54067?format=json","vulnerability_id":"VCID-bact-r8tn-d3gz","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43301","reference_id":"","reference_type":"","scores":[{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62703","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998","reference_id":"1014998","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998"},{"reference_url":"https://usn.ubuntu.com/6422-1/","reference_id":"USN-6422-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6422-1/"},{"reference_url":"https://usn.ubuntu.com/8122-1/","reference_id":"USN-8122-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8122-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339468?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339470?format=json","purl":"pkg:deb/debian/asterisk@1:18.11.1~dfsg%2B~cs6.10.40431413-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:18.11.1~dfsg%252B~cs6.10.40431413-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2021-43301"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bact-r8tn-d3gz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81183?format=json","vulnerability_id":"VCID-bbsx-hjxg-nybm","summary":"chan_sip.c in the SIP channel driver in Asterisk Open Source 1.6.x before 1.6.2.18.1 and 1.8.x before 1.8.4.3 does not properly handle '\\0' characters in SIP packets, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted packet.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2529","reference_id":"","reference_type":"","scores":[{"value":"0.03361","scoring_system":"epss","scoring_elements":"0.8755","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2529"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2529","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2529"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631446","reference_id":"631446","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631446"},{"reference_url":"https://security.gentoo.org/glsa/201110-21","reference_id":"GLSA-201110-21","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201110-21"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339429?format=json","purl":"pkg:deb/debian/asterisk@1:1.8.4.3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.8.4.3-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2011-2529"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bbsx-hjxg-nybm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81449?format=json","vulnerability_id":"VCID-bh15-8qwt-b7fp","summary":"main/manager.c in the Manager Interface in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 and Asterisk Business Edition C.3.x before C.3.7.4 does not properly enforce System class authorization requirements, which allows remote authenticated users to execute arbitrary commands via (1) the originate action in the MixMonitor application, (2) the SHELL and EVAL functions in the GetVar manager action, or (3) the SHELL and EVAL functions in the Status manager action.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2414","reference_id":"","reference_type":"","scores":[{"value":"0.04278","scoring_system":"epss","scoring_elements":"0.89014","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2414"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2414","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2414"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670180","reference_id":"670180","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670180"},{"reference_url":"https://security.gentoo.org/glsa/201206-05","reference_id":"GLSA-201206-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-05"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339437?format=json","purl":"pkg:deb/debian/asterisk@1:1.8.11.1~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.8.11.1~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2012-2414"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bh15-8qwt-b7fp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78999?format=json","vulnerability_id":"VCID-bjks-t8ur-kyc9","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-7286","reference_id":"","reference_type":"","scores":[{"value":"0.54632","scoring_system":"epss","scoring_elements":"0.98075","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-7286"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12227","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12227"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17281","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17281"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7284","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7284"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7286","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7286"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891228","reference_id":"891228","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891228"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/44181.py","reference_id":"CVE-2018-7286","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/44181.py"},{"reference_url":"https://raw.githubusercontent.com/EnableSecurity/advisories/master/ES2018-04-asterisk-pjsip-tcp-segfault/README.md","reference_id":"CVE-2018-7286","reference_type":"exploit","scores":[],"url":"https://raw.githubusercontent.com/EnableSecurity/advisories/master/ES2018-04-asterisk-pjsip-tcp-segfault/README.md"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339458?format=json","purl":"pkg:deb/debian/asterisk@1:13.20.0~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.20.0~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2018-7286"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bjks-t8ur-kyc9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/89004?format=json","vulnerability_id":"VCID-bpt1-f6tf-rygf","summary":"Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to arbitrary code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49832","reference_id":"","reference_type":"","scores":[{"value":"0.01057","scoring_system":"epss","scoring_elements":"0.77898","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49832"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110317","reference_id":"1110317","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110317"},{"reference_url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-mrq5-74j5-f5cr","reference_id":"GHSA-mrq5-74j5-f5cr","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-01T18:28:56Z/"}],"url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-mrq5-74j5-f5cr"},{"reference_url":"https://security.gentoo.org/glsa/202601-04","reference_id":"GLSA-202601-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202601-04"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339408?format=json","purl":"pkg:deb/debian/asterisk@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339488?format=json","purl":"pkg:deb/debian/asterisk@1:22.5.1~dfsg%2B~cs6.15.60671435-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.5.1~dfsg%252B~cs6.15.60671435-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2025-49832"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bpt1-f6tf-rygf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83814?format=json","vulnerability_id":"VCID-bqyw-wjb9-w3b4","summary":"An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Certified Asterisk before 16.8-cert5. If Asterisk is challenged on an outbound INVITE and the nonce is changed in each response, Asterisk will continually send INVITEs in a loop. This causes Asterisk to consume more and more memory since the transaction will never terminate (even if the call is hung up), ultimately leading to a restart or shutdown of Asterisk. Outbound authentication must be configured on the endpoint for this to occur.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28242","reference_id":"","reference_type":"","scores":[{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61408","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28242"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28242","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28242"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=974713","reference_id":"974713","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=974713"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339463?format=json","purl":"pkg:deb/debian/asterisk@1:16.15.0~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.15.0~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2020-28242"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bqyw-wjb9-w3b4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81451?format=json","vulnerability_id":"VCID-bv4k-ectn-2bga","summary":"chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.11.1 and 10.x before 10.3.1 and Asterisk Business Edition C.3.x before C.3.7.4, when the trustrpid option is enabled, allows remote authenticated users to cause a denial of service (daemon crash) by sending a SIP UPDATE message that triggers a connected-line update attempt without an associated channel.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2416","reference_id":"","reference_type":"","scores":[{"value":"0.05048","scoring_system":"epss","scoring_elements":"0.89913","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2416"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2416","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2416"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670180","reference_id":"670180","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670180"},{"reference_url":"https://security.gentoo.org/glsa/201206-05","reference_id":"GLSA-201206-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-05"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339437?format=json","purl":"pkg:deb/debian/asterisk@1:1.8.11.1~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.8.11.1~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2012-2416"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bv4k-ectn-2bga"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58265?format=json","vulnerability_id":"VCID-c4aq-swne-d3cd","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21722","reference_id":"","reference_type":"","scores":[{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64469","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21722"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998","reference_id":"1014998","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998"},{"reference_url":"https://github.com/pjsip/pjproject/commit/22af44e68a0c7d190ac1e25075e1382f77e9397a","reference_id":"22af44e68a0c7d190ac1e25075e1382f77e9397a","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:54Z/"}],"url":"https://github.com/pjsip/pjproject/commit/22af44e68a0c7d190ac1e25075e1382f77e9397a"},{"reference_url":"https://www.debian.org/security/2022/dsa-5285","reference_id":"dsa-5285","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:54Z/"}],"url":"https://www.debian.org/security/2022/dsa-5285"},{"reference_url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-m66q-q64c-hv36","reference_id":"GHSA-m66q-q64c-hv36","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:54Z/"}],"url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-m66q-q64c-hv36"},{"reference_url":"https://security.gentoo.org/glsa/202210-37","reference_id":"GLSA-202210-37","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:54Z/"}],"url":"https://security.gentoo.org/glsa/202210-37"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html","reference_id":"msg00021.html","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:54Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html","reference_id":"msg00035.html","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:54Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html","reference_id":"msg00038.html","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:54Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html"},{"reference_url":"https://usn.ubuntu.com/6422-1/","reference_id":"USN-6422-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6422-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339468?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339471?format=json","purl":"pkg:deb/debian/asterisk@1:18.12.0~dfsg%2B~cs6.12.40431413-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:18.12.0~dfsg%252B~cs6.12.40431413-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2022-21722"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c4aq-swne-d3cd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55382?format=json","vulnerability_id":"VCID-c69c-x1by-cfgq","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32686","reference_id":"","reference_type":"","scores":[{"value":"0.01675","scoring_system":"epss","scoring_elements":"0.82458","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32686"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32558","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32558"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32686","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32686"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998","reference_id":"1014998","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991931","reference_id":"991931","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991931"},{"reference_url":"https://security.gentoo.org/glsa/202210-37","reference_id":"GLSA-202210-37","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-37"},{"reference_url":"https://usn.ubuntu.com/8122-1/","reference_id":"USN-8122-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8122-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339466?format=json","purl":"pkg:deb/debian/asterisk@1:16.16.1~dfsg-1%2Bdeb11u1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.16.1~dfsg-1%252Bdeb11u1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339467?format=json","purl":"pkg:deb/debian/asterisk@1:16.16.1~dfsg-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.16.1~dfsg-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2021-32686"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c69c-x1by-cfgq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55808?format=json","vulnerability_id":"VCID-cbqr-82pp-9yb6","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35776","reference_id":"","reference_type":"","scores":[{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24635","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35776"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35776","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35776"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983158","reference_id":"983158","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983158"},{"reference_url":"https://security.gentoo.org/glsa/202412-03","reference_id":"GLSA-202412-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339465?format=json","purl":"pkg:deb/debian/asterisk@1:16.16.1~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.16.1~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2020-35776"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cbqr-82pp-9yb6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81123?format=json","vulnerability_id":"VCID-cf97-dgaw-a7ft","summary":"tcptls.c in the TCP/TLS server in Asterisk Open Source 1.6.1.x before 1.6.1.23, 1.6.2.x before 1.6.2.17.1, and 1.8.x before 1.8.3.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by establishing many short TCP sessions to services that use a certain TLS API.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1175","reference_id":"","reference_type":"","scores":[{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.5204","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1175"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1175","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1175"},{"reference_url":"https://security.gentoo.org/glsa/201110-21","reference_id":"GLSA-201110-21","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201110-21"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339427?format=json","purl":"pkg:deb/debian/asterisk@1:1.8.3.3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.8.3.3-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2011-1175"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cf97-dgaw-a7ft"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54257?format=json","vulnerability_id":"VCID-cmy5-3fnq-v3gz","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24754","reference_id":"","reference_type":"","scores":[{"value":"0.00551","scoring_system":"epss","scoring_elements":"0.68301","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24754"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24754","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24754"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998","reference_id":"1014998","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998"},{"reference_url":"https://github.com/pjsip/pjproject/commit/d27f79da11df7bc8bb56c2f291d71e54df8d2c47","reference_id":"d27f79da11df7bc8bb56c2f291d71e54df8d2c47","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:12Z/"}],"url":"https://github.com/pjsip/pjproject/commit/d27f79da11df7bc8bb56c2f291d71e54df8d2c47"},{"reference_url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-73f7-48m9-w662","reference_id":"GHSA-73f7-48m9-w662","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:12Z/"}],"url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-73f7-48m9-w662"},{"reference_url":"https://security.gentoo.org/glsa/202210-37","reference_id":"GLSA-202210-37","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:12Z/"}],"url":"https://security.gentoo.org/glsa/202210-37"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html","reference_id":"msg00035.html","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:12Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html","reference_id":"msg00038.html","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:12Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html"},{"reference_url":"https://usn.ubuntu.com/6422-1/","reference_id":"USN-6422-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6422-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339408?format=json","purl":"pkg:deb/debian/asterisk@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2022-24754"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cmy5-3fnq-v3gz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81186?format=json","vulnerability_id":"VCID-cr6q-j8r8-aycs","summary":"chan_iax2.c in the IAX2 channel driver in Asterisk Open Source 1.4.x before 1.4.41.1, 1.6.2.x before 1.6.2.18.1, and 1.8.x before 1.8.4.3, and Asterisk Business Edition C.3 before C.3.7.3, accesses a memory address contained in an option control frame, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a crafted frame.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2535","reference_id":"","reference_type":"","scores":[{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39355","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2535"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2535","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2535"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631448","reference_id":"631448","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631448"},{"reference_url":"https://security.gentoo.org/glsa/201110-21","reference_id":"GLSA-201110-21","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201110-21"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339429?format=json","purl":"pkg:deb/debian/asterisk@1:1.8.4.3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.8.4.3-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2011-2535"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cr6q-j8r8-aycs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80634?format=json","vulnerability_id":"VCID-d23v-361c-kfhj","summary":"The IAX2 channel driver (chan_iax2) in Asterisk 1.2 before revision 72630 and 1.4 before revision 65679, when configured to allow unauthenticated calls, sends \"early audio\" to an unverified source IP address of a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed NEW message.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-1923","reference_id":"","reference_type":"","scores":[{"value":"0.01525","scoring_system":"epss","scoring_elements":"0.8158","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-1923"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1923","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1923"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339414?format=json","purl":"pkg:deb/debian/asterisk@1:1.4.19.1~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.4.19.1~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2008-1923"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d23v-361c-kfhj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81907?format=json","vulnerability_id":"VCID-d9ww-rj4r-tkh6","summary":"ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 11.6 before 11.6-cert8 allows remote authenticated users to (1) gain privileges via vectors related to an external protocol to the CONFBRIDGE dialplan function or (2) execute arbitrary system commands via a crafted ConfbridgeStartRecord AMI action.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8417","reference_id":"","reference_type":"","scores":[{"value":"0.00897","scoring_system":"epss","scoring_elements":"0.75968","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8417"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8417","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8417"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771463","reference_id":"771463","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771463"},{"reference_url":"https://security.gentoo.org/glsa/201412-51","reference_id":"GLSA-201412-51","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-51"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339445?format=json","purl":"pkg:deb/debian/asterisk@1:13.1.0~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.1.0~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2014-8417"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d9ww-rj4r-tkh6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62489?format=json","vulnerability_id":"VCID-dbuh-qhu9-gfc1","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43300","reference_id":"","reference_type":"","scores":[{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62703","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998","reference_id":"1014998","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998"},{"reference_url":"https://usn.ubuntu.com/6422-1/","reference_id":"USN-6422-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6422-1/"},{"reference_url":"https://usn.ubuntu.com/8122-1/","reference_id":"USN-8122-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8122-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339468?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339470?format=json","purl":"pkg:deb/debian/asterisk@1:18.11.1~dfsg%2B~cs6.10.40431413-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:18.11.1~dfsg%252B~cs6.10.40431413-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2021-43300"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dbuh-qhu9-gfc1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66986?format=json","vulnerability_id":"VCID-dqu7-pd5w-eua6","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-37706","reference_id":"","reference_type":"","scores":[{"value":"0.00505","scoring_system":"epss","scoring_elements":"0.6649","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-37706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998","reference_id":"1014998","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998"},{"reference_url":"https://security.gentoo.org/glsa/202210-37","reference_id":"GLSA-202210-37","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-37"},{"reference_url":"https://usn.ubuntu.com/6422-1/","reference_id":"USN-6422-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6422-1/"},{"reference_url":"https://usn.ubuntu.com/6422-2/","reference_id":"USN-6422-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6422-2/"},{"reference_url":"https://usn.ubuntu.com/8122-1/","reference_id":"USN-8122-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8122-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339468?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339469?format=json","purl":"pkg:deb/debian/asterisk@1:18.10.1~dfsg%2B~cs6.10.40431411-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:18.10.1~dfsg%252B~cs6.10.40431411-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2021-37706"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dqu7-pd5w-eua6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78998?format=json","vulnerability_id":"VCID-dtxn-zzne-wueq","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-7284","reference_id":"","reference_type":"","scores":[{"value":"0.65243","scoring_system":"epss","scoring_elements":"0.98501","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-7284"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12227","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12227"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17281","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17281"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7284","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7284"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7286","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7286"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891227","reference_id":"891227","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891227"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/44184.py","reference_id":"CVE-2018-7284","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/44184.py"},{"reference_url":"https://raw.githubusercontent.com/EnableSecurity/advisories/master/ES2018-01-asterisk-pjsip-subscribe-stack-corruption/README.md","reference_id":"CVE-2018-7284","reference_type":"exploit","scores":[],"url":"https://raw.githubusercontent.com/EnableSecurity/advisories/master/ES2018-01-asterisk-pjsip-subscribe-stack-corruption/README.md"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339458?format=json","purl":"pkg:deb/debian/asterisk@1:13.20.0~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.20.0~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2018-7284"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dtxn-zzne-wueq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/82298?format=json","vulnerability_id":"VCID-dv6b-cyft-5kcd","summary":"asterisk 13.10.0 is affected by: denial of service issues in asterisk. The impact is: cause a denial of service (remote).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7550","reference_id":"","reference_type":"","scores":[{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.30917","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7550"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7550","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7550"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838833","reference_id":"838833","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838833"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339447?format=json","purl":"pkg:deb/debian/asterisk@1:13.11.2~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.11.2~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2016-7550"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dv6b-cyft-5kcd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/82360?format=json","vulnerability_id":"VCID-dzse-tta6-nuex","summary":"An issue was discovered in Asterisk Open Source 11.x before 11.25.1, 13.x before 13.13.1, and 14.x before 14.2.1 and Certified Asterisk 11.x before 11.6-cert16 and 13.x before 13.8-cert4. The chan_sip channel driver has a liberal definition for whitespace when attempting to strip the content between a SIP header name and a colon character. Rather than following RFC 3261 and stripping only spaces and horizontal tabs, Asterisk treats any non-printable ASCII character as if it were whitespace. This means that headers such as Contact\\x01: will be seen as a valid Contact header. This mostly does not pose a problem until Asterisk is placed in tandem with an authenticating SIP proxy. In such a case, a crafty combination of valid and invalid To headers can cause a proxy to allow an INVITE request into Asterisk without authentication since it believes the request is an in-dialog request. However, because of the bug described above, the request will look like an out-of-dialog request to Asterisk. Asterisk will then process the request as a new call. The result is that Asterisk can process calls from unvetted sources without any authentication. If you do not use a proxy for authentication, then this issue does not affect you. If your proxy is dialog-aware (meaning that the proxy keeps track of what dialogs are currently valid), then this issue does not affect you. If you use chan_pjsip instead of chan_sip, then this issue does not affect you.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9938","reference_id":"","reference_type":"","scores":[{"value":"0.01419","scoring_system":"epss","scoring_elements":"0.80891","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9938"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9938","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9938"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847668","reference_id":"847668","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847668"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339448?format=json","purl":"pkg:deb/debian/asterisk@1:13.13.1~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.13.1~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2016-9938"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dzse-tta6-nuex"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74797?format=json","vulnerability_id":"VCID-e8pp-29uh-dfam","summary":"asterisk: Replies to failed login attempts differently based on whether the user account exists (information disclosure)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0041.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0041.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0041","reference_id":"","reference_type":"","scores":[{"value":"0.0086","scoring_system":"epss","scoring_elements":"0.75329","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0041"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0041","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0041"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=480132","reference_id":"480132","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=480132"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513413","reference_id":"513413","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513413"},{"reference_url":"https://security.gentoo.org/glsa/200905-01","reference_id":"GLSA-200905-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200905-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339418?format=json","purl":"pkg:deb/debian/asterisk@1:1.6.1.0~dfsg~rc3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.6.1.0~dfsg~rc3-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2009-0041"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e8pp-29uh-dfam"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80861?format=json","vulnerability_id":"VCID-e918-vkmk-h7gu","summary":"rtp.c in Asterisk Open Source 1.2.x before 1.2.37, 1.4.x before 1.4.27.1, 1.6.0.x before 1.6.0.19, and 1.6.1.x before 1.6.1.11; Business Edition B.x.x before B.2.5.13, C.2.x.x before C.2.4.6, and C.3.x.x before C.3.2.3; and s800i 1.3.x before 1.3.0.6 allows remote attackers to cause a denial of service (daemon crash) via an RTP comfort noise payload with a long data length.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-4055","reference_id":"","reference_type":"","scores":[{"value":"0.00524","scoring_system":"epss","scoring_elements":"0.67216","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-4055"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4055","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4055"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559103","reference_id":"559103","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559103"},{"reference_url":"https://security.gentoo.org/glsa/201006-20","reference_id":"GLSA-201006-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201006-20"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339423?format=json","purl":"pkg:deb/debian/asterisk@1:1.6.2.0~rc7-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.6.2.0~rc7-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2009-4055"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e918-vkmk-h7gu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80489?format=json","vulnerability_id":"VCID-eek3-jw4a-mkhh","summary":"The Skinny channel driver (chan_skinny) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a certain data length value in a crafted packet, which results in an \"overly large memcpy.\"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-3764","reference_id":"","reference_type":"","scores":[{"value":"0.45627","scoring_system":"epss","scoring_elements":"0.97675","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-3764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3764"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/4196.c","reference_id":"CVE-2007-3764","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/4196.c"},{"reference_url":"https://security.gentoo.org/glsa/200802-11","reference_id":"GLSA-200802-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200802-11"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339404?format=json","purl":"pkg:deb/debian/asterisk@1:1.4.8~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.4.8~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2007-3764"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eek3-jw4a-mkhh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81520?format=json","vulnerability_id":"VCID-emr1-3t75-ekg4","summary":"channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Asterisk Business Edition C.3.x before C.3.7.5, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones does not properly handle a provisional response to a SIP reINVITE request, which allows remote authenticated users to cause a denial of service (RTP port exhaustion) via sessions that lack final responses.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3863","reference_id":"","reference_type":"","scores":[{"value":"0.07186","scoring_system":"epss","scoring_elements":"0.91712","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3863"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3863","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3863"},{"reference_url":"https://security.gentoo.org/glsa/201209-15","reference_id":"GLSA-201209-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201209-15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339436?format=json","purl":"pkg:deb/debian/asterisk@1:1.8.13.1~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.8.13.1~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2012-3863"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-emr1-3t75-ekg4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63883?format=json","vulnerability_id":"VCID-f5a4-mbpj-zbc6","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-37457","reference_id":"","reference_type":"","scores":[{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22336","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-37457"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37457","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37457"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38703","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38703"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49294","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49294"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49786"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059303","reference_id":"1059303","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059303"},{"reference_url":"https://security.gentoo.org/glsa/202412-03","reference_id":"GLSA-202412-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339480?format=json","purl":"pkg:deb/debian/asterisk@1:20.8.1~dfsg%2B~cs6.14.40431414-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:20.8.1~dfsg%252B~cs6.14.40431414-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2023-37457"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f5a4-mbpj-zbc6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79982?format=json","vulnerability_id":"VCID-g9s9-6kbt-qba4","summary":"Stack-based buffer overflow in the function that parses commands in Asterisk 1.0.7, when the 'write = command' option is enabled, allows remote attackers to execute arbitrary code via a command that has two double quotes followed by a tab character.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2005-2081","reference_id":"","reference_type":"","scores":[{"value":"0.00347","scoring_system":"epss","scoring_elements":"0.57515","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2005-2081"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2081","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2081"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=315532","reference_id":"315532","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=315532"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339391?format=json","purl":"pkg:deb/debian/asterisk@1:1.0.9.dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.0.9.dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2005-2081"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g9s9-6kbt-qba4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59465?format=json","vulnerability_id":"VCID-gvsp-6zd7-5kbn","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-53566","reference_id":"","reference_type":"","scores":[{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.21113","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-53566"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53566","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53566"},{"reference_url":"https://gist.github.com/hyp164D1/e7c0f44ffb38c00320aa1a6d98bee616","reference_id":"e7c0f44ffb38c00320aa1a6d98bee616","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-02T17:37:51Z/"}],"url":"https://gist.github.com/hyp164D1/e7c0f44ffb38c00320aa1a6d98bee616"},{"reference_url":"https://github.com/asterisk/asterisk/blob/22/main/manager.c#L2556","reference_id":"manager.c#L2556","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-02T17:37:51Z/"}],"url":"https://github.com/asterisk/asterisk/blob/22/main/manager.c#L2556"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339484?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u6?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u6%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339485?format=json","purl":"pkg:deb/debian/asterisk@1:22.1.1~dfsg%2B~cs6.14.60671435-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.1.1~dfsg%252B~cs6.14.60671435-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2024-53566"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gvsp-6zd7-5kbn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/89302?format=json","vulnerability_id":"VCID-gyv9-xjx6-f3c4","summary":"Multiple buffer overflows in Asterisk might allow remote attackers\n    to cause a Denial of Service condition.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2289","reference_id":"","reference_type":"","scores":[{"value":"0.03251","scoring_system":"epss","scoring_elements":"0.87345","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2289"},{"reference_url":"https://security.gentoo.org/glsa/201405-05","reference_id":"GLSA-201405-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201405-05"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339408?format=json","purl":"pkg:deb/debian/asterisk@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2014-2289"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gyv9-xjx6-f3c4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58414?format=json","vulnerability_id":"VCID-h29y-p6u4-c3d8","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49786","reference_id":"","reference_type":"","scores":[{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22993","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37457","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37457"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38703","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38703"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49294","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49294"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49786"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059033","reference_id":"1059033","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059033"},{"reference_url":"http://seclists.org/fulldisclosure/2023/Dec/24","reference_id":"24","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:19:55Z/"}],"url":"http://seclists.org/fulldisclosure/2023/Dec/24"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/12/15/7","reference_id":"7","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:19:55Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/12/15/7"},{"reference_url":"http://packetstormsecurity.com/files/176251/Asterisk-20.1.0-Denial-Of-Service.html","reference_id":"Asterisk-20.1.0-Denial-Of-Service.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:19:55Z/"}],"url":"http://packetstormsecurity.com/files/176251/Asterisk-20.1.0-Denial-Of-Service.html"},{"reference_url":"https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05","reference_id":"d7d7764cb07c8a1872804321302ef93bf62cba05","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:19:55Z/"}],"url":"https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05"},{"reference_url":"https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race","reference_id":"ES2023-01-asterisk-dtls-hello-race","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:19:55Z/"}],"url":"https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race"},{"reference_url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq","reference_id":"GHSA-hxj9-xwr8-w8pq","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:19:55Z/"}],"url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq"},{"reference_url":"https://security.gentoo.org/glsa/202412-03","reference_id":"GLSA-202412-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-03"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html","reference_id":"msg00019.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:19:55Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339481?format=json","purl":"pkg:deb/debian/asterisk@1:20.5.1~dfsg%2B~cs6.13.40431414-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:20.5.1~dfsg%252B~cs6.13.40431414-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2023-49786"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h29y-p6u4-c3d8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78958?format=json","vulnerability_id":"VCID-h63n-n2u4-vqff","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-17090","reference_id":"","reference_type":"","scores":[{"value":"0.80582","scoring_system":"epss","scoring_elements":"0.99158","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-17090"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17090","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17090"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883342","reference_id":"883342","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883342"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/43992.py","reference_id":"CVE-2017-17090;AST-2017-01","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/43992.py"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339452?format=json","purl":"pkg:deb/debian/asterisk@1:13.18.3~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.18.3~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2017-17090"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h63n-n2u4-vqff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79668?format=json","vulnerability_id":"VCID-hfmb-gc77-7fav","summary":"Buffer overflow in the get_msg_text of chan_sip.c in the Session Initiation Protocol (SIP) protocol implementation for Asterisk releases before August 15, 2003, allows remote attackers to execute arbitrary code via certain (1) MESSAGE or (2) INFO requests.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2003-0761","reference_id":"","reference_type":"","scores":[{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32241","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2003-0761"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0761","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0761"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339388?format=json","purl":"pkg:deb/debian/asterisk@0.5.0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0.5.0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2003-0761"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hfmb-gc77-7fav"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/89301?format=json","vulnerability_id":"VCID-hkex-v5z3-73bt","summary":"Multiple buffer overflows in Asterisk might allow remote attackers\n    to cause a Denial of Service condition.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2288","reference_id":"","reference_type":"","scores":[{"value":"0.06609","scoring_system":"epss","scoring_elements":"0.91323","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2288"},{"reference_url":"https://security.gentoo.org/glsa/201405-05","reference_id":"GLSA-201405-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201405-05"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339408?format=json","purl":"pkg:deb/debian/asterisk@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2014-2288"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hkex-v5z3-73bt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81178?format=json","vulnerability_id":"VCID-hp5t-h99v-mfc1","summary":"reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.4.2 does not initialize certain strings, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed Contact header.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2216","reference_id":"","reference_type":"","scores":[{"value":"0.03498","scoring_system":"epss","scoring_elements":"0.87805","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-2216"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2216","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2216"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629130","reference_id":"629130","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629130"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339428?format=json","purl":"pkg:deb/debian/asterisk@1:1.8.4.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.8.4.2-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2011-2216"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hp5t-h99v-mfc1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/67906?format=json","vulnerability_id":"VCID-ht2z-r1t1-ryf9","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-39244","reference_id":"","reference_type":"","scores":[{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.55713","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-39244"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706"},{"reference_url":"https://github.com/pjsip/pjproject/commit/c4d34984ec92b3d5252a7d5cddd85a1d3a8001ae","reference_id":"c4d34984ec92b3d5252a7d5cddd85a1d3a8001ae","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:48:20Z/"}],"url":"https://github.com/pjsip/pjproject/commit/c4d34984ec92b3d5252a7d5cddd85a1d3a8001ae"},{"reference_url":"https://www.debian.org/security/2023/dsa-5358","reference_id":"dsa-5358","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:48:20Z/"}],"url":"https://www.debian.org/security/2023/dsa-5358"},{"reference_url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-fq45-m3f7-3mhj","reference_id":"GHSA-fq45-m3f7-3mhj","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:48:20Z/"}],"url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-fq45-m3f7-3mhj"},{"reference_url":"https://security.gentoo.org/glsa/202210-37","reference_id":"GLSA-202210-37","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:48:20Z/"}],"url":"https://security.gentoo.org/glsa/202210-37"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html","reference_id":"msg00029.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:48:20Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html","reference_id":"msg00038.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:48:20Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html"},{"reference_url":"https://usn.ubuntu.com/6422-1/","reference_id":"USN-6422-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6422-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339473?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339477?format=json","purl":"pkg:deb/debian/asterisk@1:20.0.1~dfsg%2B~cs6.12.40431414-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:20.0.1~dfsg%252B~cs6.12.40431414-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2022-39244"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ht2z-r1t1-ryf9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/89622?format=json","vulnerability_id":"VCID-hv7y-fc1a-a7am","summary":"The Publish/Subscribe Framework in the PJSIP channel driver in Asterisk Open Source 12.x before 12.3.1, when sub_min_expiry is set to zero, allows remote attackers to cause a denial of service (assertion failure and crash) via an unsubscribe request when not subscribed to the device.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-4045","reference_id":"","reference_type":"","scores":[{"value":"0.01637","scoring_system":"epss","scoring_elements":"0.82234","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-4045"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339408?format=json","purl":"pkg:deb/debian/asterisk@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2014-4045"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hv7y-fc1a-a7am"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/82542?format=json","vulnerability_id":"VCID-j2vq-egp3-bybh","summary":"A Remote Crash issue was discovered in Asterisk Open Source 13.x before 13.18.4, 14.x before 14.7.4, and 15.x before 15.1.4 and Certified Asterisk before 13.13-cert9. Certain compound RTCP packets cause a crash in the RTCP Stack.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-17664","reference_id":"","reference_type":"","scores":[{"value":"0.01276","scoring_system":"epss","scoring_elements":"0.79861","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-17664"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17664","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17664"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884345","reference_id":"884345","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884345"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339453?format=json","purl":"pkg:deb/debian/asterisk@1:13.18.5~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.18.5~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2017-17664"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j2vq-egp3-bybh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79143?format=json","vulnerability_id":"VCID-j3ps-x8ey-kfa7","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2316","reference_id":"","reference_type":"","scores":[{"value":"0.01094","scoring_system":"epss","scoring_elements":"0.78271","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2316"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3008","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3008"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2232","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2316","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2316"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7551","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7551"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339431?format=json","purl":"pkg:deb/debian/asterisk@1:13.7.2~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.7.2~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2016-2316"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j3ps-x8ey-kfa7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83464?format=json","vulnerability_id":"VCID-j6re-kvf8-h3et","summary":"An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a NULL pointer dereference and crash will occur. This is different from CVE-2019-18940.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18976","reference_id":"","reference_type":"","scores":[{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37356","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18976"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18976","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18976"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339461?format=json","purl":"pkg:deb/debian/asterisk@1:16.1.1~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.1.1~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2019-18976"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j6re-kvf8-h3et"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81450?format=json","vulnerability_id":"VCID-j7ee-s5dw-eyew","summary":"Heap-based buffer overflow in chan_skinny.c in the Skinny channel driver in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 allows remote authenticated users to cause a denial of service or possibly have unspecified other impact via a series of KEYPAD_BUTTON_MESSAGE events.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2415","reference_id":"","reference_type":"","scores":[{"value":"0.10525","scoring_system":"epss","scoring_elements":"0.93379","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2415"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2415","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2415"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670180","reference_id":"670180","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670180"},{"reference_url":"https://security.gentoo.org/glsa/201206-05","reference_id":"GLSA-201206-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-05"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339437?format=json","purl":"pkg:deb/debian/asterisk@1:1.8.11.1~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.8.11.1~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2012-2415"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j7ee-s5dw-eyew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81427?format=json","vulnerability_id":"VCID-j7sx-6dhs-wbff","summary":"Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2186","reference_id":"","reference_type":"","scores":[{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64665","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2186"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2186","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2186"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=680470","reference_id":"680470","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=680470"},{"reference_url":"https://security.gentoo.org/glsa/201209-15","reference_id":"GLSA-201209-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201209-15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339436?format=json","purl":"pkg:deb/debian/asterisk@1:1.8.13.1~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.8.13.1~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2012-2186"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j7sx-6dhs-wbff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/86487?format=json","vulnerability_id":"VCID-jfve-1ah7-8ybu","summary":"Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 18.26.4 and 18.9-cert17, RTP UDP ports and internal resources can leak due to a lack of session termination. This could result in leaks and resource exhaustion. This issue has been patched in versions 18.26.4 and 18.9-cert17.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54995","reference_id":"","reference_type":"","scores":[{"value":"0.01416","scoring_system":"epss","scoring_elements":"0.80869","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54995"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54995","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54995"},{"reference_url":"https://github.com/asterisk/asterisk/commit/0278f5bde14565c6838a6ec39bc21aee0cde56a9","reference_id":"0278f5bde14565c6838a6ec39bc21aee0cde56a9","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-28T18:53:35Z/"}],"url":"https://github.com/asterisk/asterisk/commit/0278f5bde14565c6838a6ec39bc21aee0cde56a9"},{"reference_url":"https://github.com/asterisk/asterisk/pull/1405","reference_id":"1405","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-28T18:53:35Z/"}],"url":"https://github.com/asterisk/asterisk/pull/1405"},{"reference_url":"https://github.com/asterisk/asterisk/pull/1406","reference_id":"1406","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-28T18:53:35Z/"}],"url":"https://github.com/asterisk/asterisk/pull/1406"},{"reference_url":"https://github.com/asterisk/asterisk/commit/eafcd7a451dcd007dddf324ac37dd55a4808338d","reference_id":"eafcd7a451dcd007dddf324ac37dd55a4808338d","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-28T18:53:35Z/"}],"url":"https://github.com/asterisk/asterisk/commit/eafcd7a451dcd007dddf324ac37dd55a4808338d"},{"reference_url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-557q-795j-wfx2","reference_id":"GHSA-557q-795j-wfx2","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-28T18:53:35Z/"}],"url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-557q-795j-wfx2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339487?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u8?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u8%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339491?format=json","purl":"pkg:deb/debian/asterisk@1:22.2.0~dfsg%2B~cs6.15.60671435-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.2.0~dfsg%252B~cs6.15.60671435-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2025-54995"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jfve-1ah7-8ybu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/89620?format=json","vulnerability_id":"VCID-jn6q-ncg1-ufdg","summary":"Asterisk Open Source 1.4.5 through 1.4.11, when configured to use an IMAP voicemail storage backend, allows remote attackers to cause a denial of service via an e-mail with an \"invalid/corrupted\" MIME body, which triggers a crash when the recipient listens to voicemail.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-4521","reference_id":"","reference_type":"","scores":[{"value":"0.02514","scoring_system":"epss","scoring_elements":"0.85641","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-4521"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339408?format=json","purl":"pkg:deb/debian/asterisk@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2007-4521"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jn6q-ncg1-ufdg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80223?format=json","vulnerability_id":"VCID-jytq-x1m9-ryh3","summary":"The IAX2 channel driver (chan_iax2) for Asterisk 1.2.x before 1.2.9 and 1.0.x before 1.0.11 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via truncated IAX 2 (IAX2) video frames, which bypasses a length check and leads to a buffer overflow involving negative length check.  NOTE: the vendor advisory claims that only a DoS is possible, but the original researcher is reliable.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2006-2898","reference_id":"","reference_type":"","scores":[{"value":"0.00324","scoring_system":"epss","scoring_elements":"0.55675","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2006-2898"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2898","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2898"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=380054","reference_id":"380054","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=380054"},{"reference_url":"https://security.gentoo.org/glsa/200606-15","reference_id":"GLSA-200606-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200606-15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339394?format=json","purl":"pkg:deb/debian/asterisk@1:1.2.10.dfsg-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.2.10.dfsg-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2006-2898"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jytq-x1m9-ryh3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81934?format=json","vulnerability_id":"VCID-k2af-kssx-8fcn","summary":"Double free vulnerability in the WebSocket Server (res_http_websocket module) in Asterisk Open Source 11.x before 11.14.2, 12.x before 12.7.2, and 13.x before 13.0.2 and Certified Asterisk 11.6 before 11.6-cert9 allows remote attackers to cause a denial of service (crash) by sending a zero length frame after a non-zero length frame.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9374","reference_id":"","reference_type":"","scores":[{"value":"0.45774","scoring_system":"epss","scoring_elements":"0.97679","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9374"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9374","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9374"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773230","reference_id":"773230","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773230"},{"reference_url":"https://security.gentoo.org/glsa/201412-51","reference_id":"GLSA-201412-51","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-51"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339445?format=json","purl":"pkg:deb/debian/asterisk@1:13.1.0~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.1.0~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2014-9374"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k2af-kssx-8fcn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80078?format=json","vulnerability_id":"VCID-k5je-ydwf-v3gq","summary":"Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 through 1.2.0-beta1 allows remote attackers to access WAV files via a .. (dot dot) in the folder parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2005-3559","reference_id":"","reference_type":"","scores":[{"value":"0.05519","scoring_system":"epss","scoring_elements":"0.90382","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2005-3559"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3559","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3559"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=338116","reference_id":"338116","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=338116"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/26475.txt","reference_id":"CVE-2005-3559;OSVDB-20577","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/cgi/webapps/26475.txt"},{"reference_url":"https://www.securityfocus.com/bid/15336/info","reference_id":"CVE-2005-3559;OSVDB-20577","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/15336/info"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339392?format=json","purl":"pkg:deb/debian/asterisk@1:1.2.7.1.dfsg-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.2.7.1.dfsg-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2005-3559"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k5je-ydwf-v3gq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80573?format=json","vulnerability_id":"VCID-k8pf-eby2-3ban","summary":"SQL injection vulnerability in the Postgres Realtime Engine (res_config_pgsql) in Asterisk 1.4.x before 1.4.15 and C.x before C.1.0-beta6 allows remote attackers to execute arbitrary SQL commands via unknown vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-6171","reference_id":"","reference_type":"","scores":[{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40505","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-6171"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6171","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6171"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339410?format=json","purl":"pkg:deb/debian/asterisk@1:1.4.15~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.4.15~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2007-6171"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k8pf-eby2-3ban"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80273?format=json","vulnerability_id":"VCID-kmay-1p7g-t7f5","summary":"Stack-based buffer overflow in channels/chan_mgcp.c in MGCP in Asterisk 1.0 through 1.2.10 allows remote attackers to execute arbitrary code via a crafted audit endpoint (AUEP) response.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2006-4345","reference_id":"","reference_type":"","scores":[{"value":"0.05153","scoring_system":"epss","scoring_elements":"0.90025","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2006-4345"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4345","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4345"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=385060","reference_id":"385060","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=385060"},{"reference_url":"https://security.gentoo.org/glsa/200610-15","reference_id":"GLSA-200610-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200610-15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339395?format=json","purl":"pkg:deb/debian/asterisk@1:1.2.11.dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.2.11.dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2006-4345"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kmay-1p7g-t7f5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53997?format=json","vulnerability_id":"VCID-ks2t-azws-kbbz","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7251","reference_id":"","reference_type":"","scores":[{"value":"0.04411","scoring_system":"epss","scoring_elements":"0.89184","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7251"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7251","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7251"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923690","reference_id":"923690","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923690"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339462?format=json","purl":"pkg:deb/debian/asterisk@1:16.2.1~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.2.1~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2019-7251"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ks2t-azws-kbbz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10241?format=json","vulnerability_id":"VCID-m53p-u7ky-jyd1","summary":"Asterisk: Asterisk: Local file disclosure via unsafe XML parsing","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23739.json","reference_id":"","reference_type":"","scores":[{"value":"2.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23739.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23739","reference_id":"","reference_type":"","scores":[{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17627","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23739"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23739"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127438","reference_id":"1127438","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127438"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2437909","reference_id":"2437909","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2437909"},{"reference_url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-85x7-54wr-vh42","reference_id":"GHSA-85x7-54wr-vh42","reference_type":"","scores":[{"value":"2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-06T17:36:34Z/"}],"url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-85x7-54wr-vh42"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339493?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u9?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u9%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339494?format=json","purl":"pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2026-23739"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m53p-u7ky-jyd1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81122?format=json","vulnerability_id":"VCID-m749-tkbh-5ygf","summary":"manager.c in Asterisk Open Source 1.6.1.x before 1.6.1.24, 1.6.2.x before 1.6.2.17.2, and 1.8.x before 1.8.3.2 allows remote attackers to cause a denial of service (CPU and memory consumption) via a series of manager sessions involving invalid data.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1174","reference_id":"","reference_type":"","scores":[{"value":"0.0029","scoring_system":"epss","scoring_elements":"0.52652","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1174"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1174","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1174"},{"reference_url":"https://security.gentoo.org/glsa/201110-21","reference_id":"GLSA-201110-21","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201110-21"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339427?format=json","purl":"pkg:deb/debian/asterisk@1:1.8.3.3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.8.3.3-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2011-1174"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m749-tkbh-5ygf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/88439?format=json","vulnerability_id":"VCID-mh9b-mu9k-ufcn","summary":"Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-31878","reference_id":"","reference_type":"","scores":[{"value":"0.0019","scoring_system":"epss","scoring_elements":"0.40669","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-31878"},{"reference_url":"https://security.gentoo.org/glsa/202412-03","reference_id":"GLSA-202412-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339408?format=json","purl":"pkg:deb/debian/asterisk@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2021-31878"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mh9b-mu9k-ufcn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80188?format=json","vulnerability_id":"VCID-mhw5-v3jy-qqfd","summary":"Integer signedness error in format_jpeg.c in Asterisk 1.2.6 and earlier allows remote attackers to execute arbitrary code via a length value that passes a length check as a negative number, but triggers a buffer overflow when it is used as an unsigned length.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2006-1827","reference_id":"","reference_type":"","scores":[{"value":"0.03378","scoring_system":"epss","scoring_elements":"0.87583","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2006-1827"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1827","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1827"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=364195","reference_id":"364195","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=364195"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339393?format=json","purl":"pkg:deb/debian/asterisk@1:1.2.7.1.dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.2.7.1.dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2006-1827"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mhw5-v3jy-qqfd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78733?format=json","vulnerability_id":"VCID-mu5d-au9b-87ap","summary":"embedded prototype.js JavaScript hijacking","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2383.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2383.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-2383","reference_id":"","reference_type":"","scores":[{"value":"0.00262","scoring_system":"epss","scoring_elements":"0.49714","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-2383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2383"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=539592","reference_id":"539592","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=539592"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555220","reference_id":"555220","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555220"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555221","reference_id":"555221","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555221"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555250","reference_id":"555250","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555250"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555255","reference_id":"555255","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555255"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558977","reference_id":"558977","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558977"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339402?format=json","purl":"pkg:deb/debian/asterisk@1:1.6.2.0~rc3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.6.2.0~rc3-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2007-2383"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mu5d-au9b-87ap"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80525?format=json","vulnerability_id":"VCID-muku-zk87-hkbv","summary":"The SIP channel driver (chan_sip) in Asterisk Open Source 1.4.x before 1.4.11, AsteriskNOW before beta7, Asterisk Appliance Developer Kit 0.x before 0.8.0, and s800i (Asterisk Appliance) 1.x before 1.0.3 allows remote attackers to cause a denial of service (memory exhaustion) via a SIP dialog that causes a large number of history entries to be created.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-4455","reference_id":"","reference_type":"","scores":[{"value":"0.05232","scoring_system":"epss","scoring_elements":"0.90101","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-4455"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4455","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4455"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339407?format=json","purl":"pkg:deb/debian/asterisk@1:1.4.11~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.4.11~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2007-4455"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-muku-zk87-hkbv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81817?format=json","vulnerability_id":"VCID-mumx-6vvr-4bbf","summary":"channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.15 before 1.8.15-cert5 and 11.6 before 11.6-cert2, when chan_sip has a certain configuration, allows remote authenticated users to cause a denial of service (channel and file descriptor consumption) via an INVITE request with a (1) Session-Expires or (2) Min-SE header with a malformed or invalid value.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2287","reference_id":"","reference_type":"","scores":[{"value":"0.05216","scoring_system":"epss","scoring_elements":"0.90082","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2287"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2287","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2287"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741313","reference_id":"741313","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741313"},{"reference_url":"https://security.gentoo.org/glsa/201405-05","reference_id":"GLSA-201405-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201405-05"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339442?format=json","purl":"pkg:deb/debian/asterisk@1:11.8.1~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:11.8.1~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2014-2287"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mumx-6vvr-4bbf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64477?format=json","vulnerability_id":"VCID-mw9d-2zh9-yya9","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24764","reference_id":"","reference_type":"","scores":[{"value":"0.01506","scoring_system":"epss","scoring_elements":"0.81469","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014976","reference_id":"1014976","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014976"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998","reference_id":"1014998","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998"},{"reference_url":"https://github.com/pjsip/pjproject/commit/560a1346f87aabe126509bb24930106dea292b00","reference_id":"560a1346f87aabe126509bb24930106dea292b00","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:28Z/"}],"url":"https://github.com/pjsip/pjproject/commit/560a1346f87aabe126509bb24930106dea292b00"},{"reference_url":"https://www.debian.org/security/2022/dsa-5285","reference_id":"dsa-5285","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:28Z/"}],"url":"https://www.debian.org/security/2022/dsa-5285"},{"reference_url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-f5qg-pqcg-765m","reference_id":"GHSA-f5qg-pqcg-765m","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:28Z/"}],"url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-f5qg-pqcg-765m"},{"reference_url":"https://security.gentoo.org/glsa/202210-37","reference_id":"GLSA-202210-37","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:28Z/"}],"url":"https://security.gentoo.org/glsa/202210-37"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html","reference_id":"msg00021.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:28Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html","reference_id":"msg00035.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:28Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html","reference_id":"msg00038.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:28Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html"},{"reference_url":"https://usn.ubuntu.com/6422-1/","reference_id":"USN-6422-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6422-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339468?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339475?format=json","purl":"pkg:deb/debian/asterisk@1:18.14.0~~rc1~dfsg%2B~cs6.12.40431414-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:18.14.0~~rc1~dfsg%252B~cs6.12.40431414-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2022-24764"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mw9d-2zh9-yya9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/82788?format=json","vulnerability_id":"VCID-n7zc-3ycr-akcy","summary":"A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9358","reference_id":"","reference_type":"","scores":[{"value":"0.01188","scoring_system":"epss","scoring_elements":"0.79122","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9358"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9358","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9358"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863906","reference_id":"863906","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863906"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339455?format=json","purl":"pkg:deb/debian/asterisk@1:13.14.1~dfsg-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.14.1~dfsg-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2017-9358"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n7zc-3ycr-akcy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81591?format=json","vulnerability_id":"VCID-nhn9-mw16-pkaf","summary":"Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones, when anonymous calls are enabled, allow remote attackers to cause a denial of service (resource consumption) by making anonymous calls from multiple sources and consequently adding many entries to the device state cache.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5977","reference_id":"","reference_type":"","scores":[{"value":"0.01103","scoring_system":"epss","scoring_elements":"0.78362","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5977"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5977","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5977"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697230","reference_id":"697230","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697230"},{"reference_url":"https://security.gentoo.org/glsa/201401-15","reference_id":"GLSA-201401-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201401-15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339439?format=json","purl":"pkg:deb/debian/asterisk@1:1.8.13.1~dfsg-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.8.13.1~dfsg-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2012-5977"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nhn9-mw16-pkaf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/88714?format=json","vulnerability_id":"VCID-nm83-6ezk-pue4","summary":"Multiple vulnerabilities have been found in Asterisk, the worst of\n    which may allow execution of arbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2685","reference_id":"","reference_type":"","scores":[{"value":"0.08932","scoring_system":"epss","scoring_elements":"0.92714","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2685"},{"reference_url":"https://security.gentoo.org/glsa/201401-15","reference_id":"GLSA-201401-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201401-15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339408?format=json","purl":"pkg:deb/debian/asterisk@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2013-2685"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nm83-6ezk-pue4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/86418?format=json","vulnerability_id":"VCID-nsnm-1fx3-n3dt","summary":"Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, trying to disallow shell commands to be run via the Asterisk command line interface (CLI) by configuring `cli_permissions.conf` (e.g. with the config line `deny=!*`) does not work which could lead to a security risk. If an administrator running an Asterisk instance relies on the `cli_permissions.conf` file to work and expects it to deny all attempts to execute shell commands, then this could lead to a security vulnerability. Versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk fix the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-47780","reference_id":"","reference_type":"","scores":[{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.64073","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-47780"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47780","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47780"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106530","reference_id":"1106530","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106530"},{"reference_url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-c7p6-7mvq-8jq2","reference_id":"GHSA-c7p6-7mvq-8jq2","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-22T17:24:44Z/"}],"url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-c7p6-7mvq-8jq2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339489?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u7?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u7%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339490?format=json","purl":"pkg:deb/debian/asterisk@1:22.4.1~dfsg%2B~cs6.15.60671435-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.4.1~dfsg%252B~cs6.15.60671435-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2025-47780"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nsnm-1fx3-n3dt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81857?format=json","vulnerability_id":"VCID-nwcq-bvn5-qyf7","summary":"Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated Manager users to execute arbitrary shell commands via a MixMonitor action.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-4046","reference_id":"","reference_type":"","scores":[{"value":"0.01378","scoring_system":"epss","scoring_elements":"0.80563","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-4046"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4046","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4046"},{"reference_url":"https://security.gentoo.org/glsa/201406-25","reference_id":"GLSA-201406-25","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201406-25"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339443?format=json","purl":"pkg:deb/debian/asterisk@1:11.10.2~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:11.10.2~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2014-4046"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nwcq-bvn5-qyf7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/60247?format=json","vulnerability_id":"VCID-p4m7-21w6-cqep","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24793","reference_id":"","reference_type":"","scores":[{"value":"0.00566","scoring_system":"epss","scoring_elements":"0.68779","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014976","reference_id":"1014976","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014976"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998","reference_id":"1014998","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998"},{"reference_url":"https://github.com/pjsip/pjproject/commit/9fae8f43accef8ea65d4a8ae9cdf297c46cfe29a","reference_id":"9fae8f43accef8ea65d4a8ae9cdf297c46cfe29a","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:00Z/"}],"url":"https://github.com/pjsip/pjproject/commit/9fae8f43accef8ea65d4a8ae9cdf297c46cfe29a"},{"reference_url":"https://www.debian.org/security/2022/dsa-5285","reference_id":"dsa-5285","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:00Z/"}],"url":"https://www.debian.org/security/2022/dsa-5285"},{"reference_url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-p6g5-v97c-w5q4","reference_id":"GHSA-p6g5-v97c-w5q4","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:00Z/"}],"url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-p6g5-v97c-w5q4"},{"reference_url":"https://security.gentoo.org/glsa/202210-37","reference_id":"GLSA-202210-37","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:00Z/"}],"url":"https://security.gentoo.org/glsa/202210-37"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html","reference_id":"msg00021.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:00Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html","reference_id":"msg00038.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:00Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00047.html","reference_id":"msg00047.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:00Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00047.html"},{"reference_url":"https://usn.ubuntu.com/6422-1/","reference_id":"USN-6422-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6422-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339468?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339475?format=json","purl":"pkg:deb/debian/asterisk@1:18.14.0~~rc1~dfsg%2B~cs6.12.40431414-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:18.14.0~~rc1~dfsg%252B~cs6.12.40431414-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2022-24793"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p4m7-21w6-cqep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80594?format=json","vulnerability_id":"VCID-p4z2-vafe-2kcq","summary":"The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, Business Edition before C.1.0-beta8, AsteriskNOW before beta7, Appliance Developer Kit before Asterisk 1.4 revision 95946, and Appliance s800i 1.0.x before 1.0.3.4 allows remote attackers to cause a denial of service (daemon crash) via a BYE message with an Also (Also transfer) header, which triggers a NULL pointer dereference.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-0095","reference_id":"","reference_type":"","scores":[{"value":"0.26555","scoring_system":"epss","scoring_elements":"0.96421","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-0095"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0095","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0095"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=458952","reference_id":"458952","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=458952"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/30974.txt","reference_id":"CVE-2008-0095;OSVDB-39841","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/30974.txt"},{"reference_url":"https://www.securityfocus.com/bid/27110/info","reference_id":"CVE-2008-0095;OSVDB-39841","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/27110/info"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339412?format=json","purl":"pkg:deb/debian/asterisk@1:1.4.17~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.4.17~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2008-0095"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p4z2-vafe-2kcq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80439?format=json","vulnerability_id":"VCID-paap-v22a-w7f3","summary":"Multiple stack-based buffer overflows in the process_sdp function in chan_sip.c of the SIP channel T.38 SDP parser in Asterisk before 1.4.3 allow remote attackers to execute arbitrary code via a long (1) T38FaxRateManagement or (2) T38FaxUdpEC SDP parameter in an SIP message, as demonstrated using SIP INVITE.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-2293","reference_id":"","reference_type":"","scores":[{"value":"0.49577","scoring_system":"epss","scoring_elements":"0.9785","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-2293"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2293","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2293"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/29900.txt","reference_id":"CVE-2007-2293;OSVDB-35368","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/29900.txt"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/29901.txt","reference_id":"CVE-2007-2293;OSVDB-35368","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/29901.txt"},{"reference_url":"https://www.securityfocus.com/bid/23648/info","reference_id":"CVE-2007-2293;OSVDB-35368","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/23648/info"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339400?format=json","purl":"pkg:deb/debian/asterisk@1:1.4.3~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.4.3~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2007-2293"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-paap-v22a-w7f3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81295?format=json","vulnerability_id":"VCID-ppcr-yrpq-u3g8","summary":"The SIP over UDP implementation in Asterisk Open Source 1.4.x before 1.4.43, 1.6.x before 1.6.2.21, and 1.8.x before 1.8.7.2 uses different port numbers for responses to invalid requests depending on whether a SIP username exists, which allows remote attackers to enumerate usernames via a series of requests.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4597","reference_id":"","reference_type":"","scores":[{"value":"0.00685","scoring_system":"epss","scoring_elements":"0.72015","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4597"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4597","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4597"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=651552","reference_id":"651552","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=651552"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339433?format=json","purl":"pkg:deb/debian/asterisk@1:1.8.8.0~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.8.8.0~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2011-4597"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ppcr-yrpq-u3g8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78616?format=json","vulnerability_id":"VCID-psxt-4x3k-augy","summary":"asterisk: Two buffer overflows in RTP Codec Payload Handling (AST-2008-002)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1289.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1289.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-1289","reference_id":"","reference_type":"","scores":[{"value":"0.24953","scoring_system":"epss","scoring_elements":"0.9626","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-1289"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1289","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1289"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=438127","reference_id":"438127","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=438127"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/31440.txt","reference_id":"CVE-2008-1289;OSVDB-43416","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/31440.txt"},{"reference_url":"https://www.securityfocus.com/bid/28308/info","reference_id":"CVE-2008-1289;OSVDB-43416","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/28308/info"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339413?format=json","purl":"pkg:deb/debian/asterisk@1:1.4.18.1~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.4.18.1~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2008-1289"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-psxt-4x3k-augy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84479?format=json","vulnerability_id":"VCID-pt99-8yya-q3bx","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23537","reference_id":"","reference_type":"","scores":[{"value":"0.00422","scoring_system":"epss","scoring_elements":"0.62317","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032092","reference_id":"1032092","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032092"},{"reference_url":"https://github.com/pjsip/pjproject/commit/d8440f4d711a654b511f50f79c0445b26f9dd1e1","reference_id":"d8440f4d711a654b511f50f79c0445b26f9dd1e1","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:52:00Z/"}],"url":"https://github.com/pjsip/pjproject/commit/d8440f4d711a654b511f50f79c0445b26f9dd1e1"},{"reference_url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-9pfh-r8x4-w26w","reference_id":"GHSA-9pfh-r8x4-w26w","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:52:00Z/"}],"url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-9pfh-r8x4-w26w"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html","reference_id":"msg00038.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:52:00Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html"},{"reference_url":"https://usn.ubuntu.com/6422-1/","reference_id":"USN-6422-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6422-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339473?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339474?format=json","purl":"pkg:deb/debian/asterisk@1:20.4.0~dfsg%2B~cs6.13.40431414-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:20.4.0~dfsg%252B~cs6.13.40431414-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2022-23537"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pt99-8yya-q3bx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81906?format=json","vulnerability_id":"VCID-q4a9-x9rc-tued","summary":"Use-after-free vulnerability in the PJSIP channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1, when using the res_pjsip_refer module, allows remote attackers to cause a denial of service (crash) via an in-dialog INVITE with Replaces message, which triggers the channel to be hung up.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8416","reference_id":"","reference_type":"","scores":[{"value":"0.00978","scoring_system":"epss","scoring_elements":"0.77028","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8416"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8416","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8416"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339445?format=json","purl":"pkg:deb/debian/asterisk@1:13.1.0~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.1.0~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2014-8416"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q4a9-x9rc-tued"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/89628?format=json","vulnerability_id":"VCID-qbcd-t5kt-4kbz","summary":"An issue was discovered in res_http_websocket.c in Asterisk 15.x through 15.2.1. If the HTTP server is enabled (default is disabled), WebSocket payloads of size 0 are mishandled (with a busy loop).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-7287","reference_id":"","reference_type":"","scores":[{"value":"0.33107","scoring_system":"epss","scoring_elements":"0.96983","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-7287"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339408?format=json","purl":"pkg:deb/debian/asterisk@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2018-7287"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qbcd-t5kt-4kbz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79670?format=json","vulnerability_id":"VCID-qjdy-qgr6-13eg","summary":"SQL injection vulnerability in the Call Detail Record (CDR) logging functionality for Asterisk allows remote attackers to execute arbitrary SQL via a CallerID string.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2003-0779","reference_id":"","reference_type":"","scores":[{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09723","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2003-0779"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0779","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0779"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339390?format=json","purl":"pkg:deb/debian/asterisk@0.7.0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0.7.0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2003-0779"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qjdy-qgr6-13eg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74056?format=json","vulnerability_id":"VCID-qk2c-ayv7-gub7","summary":"asterisk: IAX2 DoS vulnerability (AST-2009-006)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2346.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2346.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2346","reference_id":"","reference_type":"","scores":[{"value":"0.00791","scoring_system":"epss","scoring_elements":"0.742","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2346"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2346","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2346"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=521164","reference_id":"521164","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=521164"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=539473","reference_id":"539473","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=539473"},{"reference_url":"https://security.gentoo.org/glsa/201006-20","reference_id":"GLSA-201006-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201006-20"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339419?format=json","purl":"pkg:deb/debian/asterisk@1:1.6.2.0~dfsg~beta3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.6.2.0~dfsg~beta3-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2009-2346"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qk2c-ayv7-gub7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80441?format=json","vulnerability_id":"VCID-qqzb-4ana-y7cc","summary":"The SIP channel driver (chan_sip) in Asterisk before 1.2.18 and 1.4.x before 1.4.3 does not properly parse SIP UDP packets that do not contain a valid response code, which allows remote attackers to cause a denial of service (crash).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-2297","reference_id":"","reference_type":"","scores":[{"value":"0.02719","scoring_system":"epss","scoring_elements":"0.86177","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-2297"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2297","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2297"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=419820","reference_id":"419820","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=419820"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339401?format=json","purl":"pkg:deb/debian/asterisk@1:1.4.2~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.4.2~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2007-2297"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qqzb-4ana-y7cc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80487?format=json","vulnerability_id":"VCID-qt7n-33ke-nbg9","summary":"Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to execute arbitrary code by sending a long (1) voice or (2) video RTP frame.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-3762","reference_id":"","reference_type":"","scores":[{"value":"0.10199","scoring_system":"epss","scoring_elements":"0.93254","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-3762"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3762","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3762"},{"reference_url":"https://security.gentoo.org/glsa/200802-11","reference_id":"GLSA-200802-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200802-11"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339404?format=json","purl":"pkg:deb/debian/asterisk@1:1.4.8~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.4.8~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2007-3762"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qt7n-33ke-nbg9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81392?format=json","vulnerability_id":"VCID-r8qs-axpa-dfcq","summary":"Stack-based buffer overflow in the milliwatt_generate function in the Miliwatt application in Asterisk 1.4.x before 1.4.44, 1.6.x before 1.6.2.23, 1.8.x before 1.8.10.1, and 10.x before 10.2.1, when the o option is used and the internal_timing option is off, allows remote attackers to cause a denial of service (application crash) via a large number of samples in an audio packet.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1183","reference_id":"","reference_type":"","scores":[{"value":"0.00219","scoring_system":"epss","scoring_elements":"0.44497","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1183"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1183","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1183"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=664411","reference_id":"664411","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=664411"},{"reference_url":"https://security.gentoo.org/glsa/201203-21","reference_id":"GLSA-201203-21","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201203-21"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339435?format=json","purl":"pkg:deb/debian/asterisk@1:1.8.10.0~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.8.10.0~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2012-1183"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r8qs-axpa-dfcq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/86676?format=json","vulnerability_id":"VCID-r9xj-a3g1-fqa4","summary":"Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, user supplied/control values for Cookies and any GET variable query Parameter are directly interpolated into the HTML of the page using ast_str_append. The endpoint at GET /httpstatus is the potential vulnerable endpoint relating to asterisk/main /http.c. This issue has been patched in versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23738","reference_id":"","reference_type":"","scores":[{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16349","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23738"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23738","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23738"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127438","reference_id":"1127438","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127438"},{"reference_url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-v6hp-wh3r-cwxh","reference_id":"GHSA-v6hp-wh3r-cwxh","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-06T17:43:40Z/"}],"url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-v6hp-wh3r-cwxh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339493?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u9?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u9%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339494?format=json","purl":"pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2026-23738"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r9xj-a3g1-fqa4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/60396?format=json","vulnerability_id":"VCID-rkn5-9jy4-wbbx","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43845","reference_id":"","reference_type":"","scores":[{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.52233","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998","reference_id":"1014998","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998"},{"reference_url":"https://security.gentoo.org/glsa/202210-37","reference_id":"GLSA-202210-37","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-37"},{"reference_url":"https://usn.ubuntu.com/6422-1/","reference_id":"USN-6422-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6422-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339468?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339471?format=json","purl":"pkg:deb/debian/asterisk@1:18.12.0~dfsg%2B~cs6.12.40431413-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:18.12.0~dfsg%252B~cs6.12.40431413-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2021-43845"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rkn5-9jy4-wbbx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78727?format=json","vulnerability_id":"VCID-rpyt-fx9h-dyf7","summary":"asterisk: Remote Crash Vulnerability in SIP channel driver (AST-2009-005)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2726.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2726.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2726","reference_id":"","reference_type":"","scores":[{"value":"0.3069","scoring_system":"epss","scoring_elements":"0.96804","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2726"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2726","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2726"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=516990","reference_id":"516990","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=516990"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=541441","reference_id":"541441","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=541441"},{"reference_url":"https://security.gentoo.org/glsa/201006-20","reference_id":"GLSA-201006-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201006-20"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339420?format=json","purl":"pkg:deb/debian/asterisk@1:1.6.2.0~dfsg~rc1-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.6.2.0~dfsg~rc1-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2009-2726"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rpyt-fx9h-dyf7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63885?format=json","vulnerability_id":"VCID-rtbp-4kb8-ayh4","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-42365","reference_id":"","reference_type":"","scores":[{"value":"0.3195","scoring_system":"epss","scoring_elements":"0.96897","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-42365"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42365","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42365"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078574","reference_id":"1078574","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078574"},{"reference_url":"https://github.com/asterisk/asterisk/commit/42a2f4ccfa2c7062a15063e765916b3332e34cc4","reference_id":"42a2f4ccfa2c7062a15063e765916b3332e34cc4","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T16:38:45Z/"}],"url":"https://github.com/asterisk/asterisk/commit/42a2f4ccfa2c7062a15063e765916b3332e34cc4"},{"reference_url":"https://github.com/asterisk/asterisk/commit/7a0090325bfa9d778a39ae5f7d0a98109e4651c8","reference_id":"7a0090325bfa9d778a39ae5f7d0a98109e4651c8","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T16:38:45Z/"}],"url":"https://github.com/asterisk/asterisk/commit/7a0090325bfa9d778a39ae5f7d0a98109e4651c8"},{"reference_url":"https://github.com/asterisk/asterisk/commit/b4063bf756272254b160b6d1bd6e9a3f8e16cc71","reference_id":"b4063bf756272254b160b6d1bd6e9a3f8e16cc71","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T16:38:45Z/"}],"url":"https://github.com/asterisk/asterisk/commit/b4063bf756272254b160b6d1bd6e9a3f8e16cc71"},{"reference_url":"https://github.com/asterisk/asterisk/commit/bbe68db10ab8a80c29db383e4dfe14f6eafaf993","reference_id":"bbe68db10ab8a80c29db383e4dfe14f6eafaf993","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T16:38:45Z/"}],"url":"https://github.com/asterisk/asterisk/commit/bbe68db10ab8a80c29db383e4dfe14f6eafaf993"},{"reference_url":"https://github.com/asterisk/asterisk/commit/faddd99f2b9408b524e5eb8a01589fe1fa282df2","reference_id":"faddd99f2b9408b524e5eb8a01589fe1fa282df2","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T16:38:45Z/"}],"url":"https://github.com/asterisk/asterisk/commit/faddd99f2b9408b524e5eb8a01589fe1fa282df2"},{"reference_url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-c4cg-9275-6w44","reference_id":"GHSA-c4cg-9275-6w44","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T16:38:45Z/"}],"url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-c4cg-9275-6w44"},{"reference_url":"https://github.com/asterisk/asterisk/blob/14367caaf7241df1eceea7c45c5b261989c2c6db/main/manager.c#L6426","reference_id":"manager.c#L6426","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T16:38:45Z/"}],"url":"https://github.com/asterisk/asterisk/blob/14367caaf7241df1eceea7c45c5b261989c2c6db/main/manager.c#L6426"},{"reference_url":"https://github.com/asterisk/asterisk/blob/7d28165cb1b2d02d66e8693bd3fe23ee72fc55d8/main/manager.c#L6426","reference_id":"manager.c#L6426","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T16:38:45Z/"}],"url":"https://github.com/asterisk/asterisk/blob/7d28165cb1b2d02d66e8693bd3fe23ee72fc55d8/main/manager.c#L6426"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339482?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u5?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u5%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339483?format=json","purl":"pkg:deb/debian/asterisk@1:20.9.3~dfsg%2B~cs6.14.60671435-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:20.9.3~dfsg%252B~cs6.14.60671435-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2024-42365"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rtbp-4kb8-ayh4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75444?format=json","vulnerability_id":"VCID-rxfr-prs2-1yb4","summary":"asterisk: 3-way handshake in IAX2 incomplete (CVE-2008-1923)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1897.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1897.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-1897","reference_id":"","reference_type":"","scores":[{"value":"0.03049","scoring_system":"epss","scoring_elements":"0.86917","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-1897"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1897","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1897"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=443761","reference_id":"443761","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=443761"},{"reference_url":"https://security.gentoo.org/glsa/200905-01","reference_id":"GLSA-200905-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200905-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339414?format=json","purl":"pkg:deb/debian/asterisk@1:1.4.19.1~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.4.19.1~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2008-1897"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rxfr-prs2-1yb4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81816?format=json","vulnerability_id":"VCID-rzry-3zwj-z3ce","summary":"main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.x before 1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote attackers to cause a denial of service (stack consumption) and possibly execute arbitrary code via an HTTP request with a large number of Cookie headers.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2286","reference_id":"","reference_type":"","scores":[{"value":"0.14756","scoring_system":"epss","scoring_elements":"0.94601","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2286"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2286","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2286"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741313","reference_id":"741313","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741313"},{"reference_url":"https://security.gentoo.org/glsa/201405-05","reference_id":"GLSA-201405-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201405-05"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339442?format=json","purl":"pkg:deb/debian/asterisk@1:11.8.1~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:11.8.1~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2014-2286"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rzry-3zwj-z3ce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80490?format=json","vulnerability_id":"VCID-s4vy-wpd9-nfeh","summary":"The STUN implementation in Asterisk 1.4.x before 1.4.8, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted STUN length attribute in a STUN packet sent on an RTP port.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-3765","reference_id":"","reference_type":"","scores":[{"value":"0.00859","scoring_system":"epss","scoring_elements":"0.75323","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-3765"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3765","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3765"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=433681","reference_id":"433681","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=433681"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339404?format=json","purl":"pkg:deb/debian/asterisk@1:1.4.8~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.4.8~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2007-3765"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s4vy-wpd9-nfeh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80516?format=json","vulnerability_id":"VCID-s648-7tjm-dfew","summary":"The Skinny channel driver (chan_skinny) in Asterisk Open Source before 1.4.10, AsteriskNOW before beta7, Appliance Developer Kit before 0.7.0, and Appliance s800i before 1.0.3 allows remote authenticated users to cause a denial of service (application crash) via a CAPABILITIES_RES_MESSAGE packet with a capabilities count larger than the capabilities_res_message array population.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-4280","reference_id":"","reference_type":"","scores":[{"value":"0.03548","scoring_system":"epss","scoring_elements":"0.87885","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-4280"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4280","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4280"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339406?format=json","purl":"pkg:deb/debian/asterisk@1:1.4.10~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.4.10~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2007-4280"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s648-7tjm-dfew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62477?format=json","vulnerability_id":"VCID-s8hn-1yhb-93c4","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-13161","reference_id":"","reference_type":"","scores":[{"value":"0.02307","scoring_system":"epss","scoring_elements":"0.85015","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-13161"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13161","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13161"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931981","reference_id":"931981","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931981"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339459?format=json","purl":"pkg:deb/debian/asterisk@1:16.2.1~dfsg-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.2.1~dfsg-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2019-13161"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s8hn-1yhb-93c4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81902?format=json","vulnerability_id":"VCID-sct3-tg39-cqd2","summary":"The (1) VoIP channel drivers, (2) DUNDi, and (3) Asterisk Manager Interface (AMI) in Asterisk Open Source 1.8.x before 1.8.32.1, 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8.28 before 1.8.28-cert3 and 11.6 before 11.6-cert8 allows remote attackers to bypass the ACL restrictions via a packet with a source IP that does not share the address family as the first ACL entry.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8412","reference_id":"","reference_type":"","scores":[{"value":"0.00597","scoring_system":"epss","scoring_elements":"0.69702","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8412"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8412","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8412"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771463","reference_id":"771463","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771463"},{"reference_url":"https://security.gentoo.org/glsa/201412-51","reference_id":"GLSA-201412-51","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-51"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339445?format=json","purl":"pkg:deb/debian/asterisk@1:13.1.0~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.1.0~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2014-8412"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sct3-tg39-cqd2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81562?format=json","vulnerability_id":"VCID-sh84-ms1c-efff","summary":"channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert7, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 does not enforce ACL rules during certain uses of peer credentials, which allows remote authenticated users to bypass intended outbound-call restrictions by leveraging the availability of these credentials.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4737","reference_id":"","reference_type":"","scores":[{"value":"0.01504","scoring_system":"epss","scoring_elements":"0.81461","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4737"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4737","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4737"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=680470","reference_id":"680470","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=680470"},{"reference_url":"https://security.gentoo.org/glsa/201209-15","reference_id":"GLSA-201209-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201209-15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339436?format=json","purl":"pkg:deb/debian/asterisk@1:1.8.13.1~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.8.13.1~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2012-4737"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sh84-ms1c-efff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80555?format=json","vulnerability_id":"VCID-sktj-tzmw-u7dh","summary":"Multiple buffer overflows in the voicemail functionality in Asterisk 1.4.x before 1.4.13, when using IMAP storage, might allow (1) remote attackers to execute arbitrary code via a long combination of Content-type and Content-description headers, or (2) local users to execute arbitrary code via a long combination of astspooldir, voicemail context, and voicemail mailbox fields.  NOTE: vector 2 requires write access to Asterisk configuration files.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-5358","reference_id":"","reference_type":"","scores":[{"value":"0.00689","scoring_system":"epss","scoring_elements":"0.72099","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-5358"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5358","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5358"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339409?format=json","purl":"pkg:deb/debian/asterisk@1:1.4.13~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.4.13~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2007-5358"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sktj-tzmw-u7dh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56534?format=json","vulnerability_id":"VCID-sq5m-19b4-4uhq","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43303","reference_id":"","reference_type":"","scores":[{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62703","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998","reference_id":"1014998","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998"},{"reference_url":"https://usn.ubuntu.com/6422-1/","reference_id":"USN-6422-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6422-1/"},{"reference_url":"https://usn.ubuntu.com/8122-1/","reference_id":"USN-8122-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8122-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339468?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339470?format=json","purl":"pkg:deb/debian/asterisk@1:18.11.1~dfsg%2B~cs6.10.40431413-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:18.11.1~dfsg%252B~cs6.10.40431413-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2021-43303"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sq5m-19b4-4uhq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81696?format=json","vulnerability_id":"VCID-srpf-1fvf-e7da","summary":"main/http.c in the HTTP server in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones does not properly restrict Content-Length values, which allows remote attackers to conduct stack-consumption attacks and cause a denial of service (daemon crash) via a crafted HTTP POST request.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-5976.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2686","reference_id":"","reference_type":"","scores":[{"value":"0.02448","scoring_system":"epss","scoring_elements":"0.85441","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2686"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2686","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2686"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704114","reference_id":"704114","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704114"},{"reference_url":"https://security.gentoo.org/glsa/201401-15","reference_id":"GLSA-201401-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201401-15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339439?format=json","purl":"pkg:deb/debian/asterisk@1:1.8.13.1~dfsg-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.8.13.1~dfsg-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2013-2686"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-srpf-1fvf-e7da"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/60853?format=json","vulnerability_id":"VCID-ssr7-ursy-kbc3","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-26712","reference_id":"","reference_type":"","scores":[{"value":"0.0327","scoring_system":"epss","scoring_elements":"0.87379","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-26712"},{"reference_url":"https://security.gentoo.org/glsa/202412-03","reference_id":"GLSA-202412-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339408?format=json","purl":"pkg:deb/debian/asterisk@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2021-26712"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ssr7-ursy-kbc3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81908?format=json","vulnerability_id":"VCID-sxxv-pt4p-pkgd","summary":"The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, 11.x before 11.1.4.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8 before 1.8.28-cert8 and 11.6 before 11.6-cert8 allows remote authenticated users to gain privileges via a call from an external protocol, as demonstrated by the AMI protocol.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8418","reference_id":"","reference_type":"","scores":[{"value":"0.01284","scoring_system":"epss","scoring_elements":"0.7992","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8418"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8418","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8418"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771463","reference_id":"771463","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771463"},{"reference_url":"https://security.gentoo.org/glsa/201412-51","reference_id":"GLSA-201412-51","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-51"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339445?format=json","purl":"pkg:deb/debian/asterisk@1:13.1.0~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.1.0~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2014-8418"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sxxv-pt4p-pkgd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56694?format=json","vulnerability_id":"VCID-t3sm-dbsw-hkdf","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28327","reference_id":"","reference_type":"","scores":[{"value":"0.02764","scoring_system":"epss","scoring_elements":"0.86269","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28327"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28327","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28327"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=974712","reference_id":"974712","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=974712"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339463?format=json","purl":"pkg:deb/debian/asterisk@1:16.15.0~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.15.0~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2020-28327"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t3sm-dbsw-hkdf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/82516?format=json","vulnerability_id":"VCID-t962-kkbp-vyeu","summary":"An issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. A memory leak occurs when an Asterisk pjsip session object is created and that call gets rejected before the session itself is fully established. When this happens the session object never gets destroyed. Eventually Asterisk can run out of memory and crash.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16672","reference_id":"","reference_type":"","scores":[{"value":"0.05269","scoring_system":"epss","scoring_elements":"0.90138","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16672"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16672","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16672"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881256","reference_id":"881256","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881256"},{"reference_url":"https://security.gentoo.org/glsa/201811-11","reference_id":"GLSA-201811-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201811-11"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339451?format=json","purl":"pkg:deb/debian/asterisk@1:13.18.1~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.18.1~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2017-16672"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t962-kkbp-vyeu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80912?format=json","vulnerability_id":"VCID-te7t-uxgc-93h7","summary":"The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, when using the ${EXTEN} channel variable and wildcard pattern matches, allows context-dependent attackers to inject strings into the dialplan using metacharacters that are injected when the variable is expanded, as demonstrated using the Dial application to process a crafted SIP INVITE message that adds an unintended outgoing channel leg.  NOTE: it could be argued that this is not a vulnerability in Asterisk, but a class of vulnerabilities that can occur in any program that uses this feature without the associated filtering functionality that is already available.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0685","reference_id":"","reference_type":"","scores":[{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27543","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0685"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0685","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0685"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339425?format=json","purl":"pkg:deb/debian/asterisk@1:1.6.2.6-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.6.2.6-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2010-0685"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-te7t-uxgc-93h7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57081?format=json","vulnerability_id":"VCID-tnky-hb2z-6bem","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21723","reference_id":"","reference_type":"","scores":[{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64796","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21723"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651"},{"reference_url":"https://github.com/pjsip/pjproject/commit/077b465c33f0aec05a49cd2ca456f9a1b112e896","reference_id":"077b465c33f0aec05a49cd2ca456f9a1b112e896","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:51Z/"}],"url":"https://github.com/pjsip/pjproject/commit/077b465c33f0aec05a49cd2ca456f9a1b112e896"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998","reference_id":"1014998","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998"},{"reference_url":"http://seclists.org/fulldisclosure/2022/Mar/2","reference_id":"2","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:51Z/"}],"url":"http://seclists.org/fulldisclosure/2022/Mar/2"},{"reference_url":"http://packetstormsecurity.com/files/166227/Asterisk-Project-Security-Advisory-AST-2022-006.html","reference_id":"Asterisk-Project-Security-Advisory-AST-2022-006.html","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:51Z/"}],"url":"http://packetstormsecurity.com/files/166227/Asterisk-Project-Security-Advisory-AST-2022-006.html"},{"reference_url":"https://www.debian.org/security/2022/dsa-5285","reference_id":"dsa-5285","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:51Z/"}],"url":"https://www.debian.org/security/2022/dsa-5285"},{"reference_url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-7fw8-54cv-r7pm","reference_id":"GHSA-7fw8-54cv-r7pm","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:51Z/"}],"url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-7fw8-54cv-r7pm"},{"reference_url":"https://security.gentoo.org/glsa/202210-37","reference_id":"GLSA-202210-37","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:51Z/"}],"url":"https://security.gentoo.org/glsa/202210-37"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html","reference_id":"msg00021.html","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:51Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html","reference_id":"msg00035.html","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:51Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html","reference_id":"msg00038.html","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:51Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html"},{"reference_url":"https://usn.ubuntu.com/6422-1/","reference_id":"USN-6422-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6422-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339468?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339469?format=json","purl":"pkg:deb/debian/asterisk@1:18.10.1~dfsg%2B~cs6.10.40431411-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:18.10.1~dfsg%252B~cs6.10.40431411-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2022-21723"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tnky-hb2z-6bem"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80444?format=json","vulnerability_id":"VCID-u22x-qs7j-nyan","summary":"The IAX2 channel driver (chan_iax2) in Asterisk before 20070504 does not properly null terminate data, which allows remote attackers to trigger loss of transmitted data, and possibly obtain sensitive information (memory contents) or cause a denial of service (application crash), by sending a frame that lacks a 0 byte.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-2488","reference_id":"","reference_type":"","scores":[{"value":"0.03192","scoring_system":"epss","scoring_elements":"0.87201","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-2488"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2488","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2488"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339403?format=json","purl":"pkg:deb/debian/asterisk@1:1.4.5~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.4.5~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2007-2488"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u22x-qs7j-nyan"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54186?format=json","vulnerability_id":"VCID-u2qj-jv1z-aubs","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-26651","reference_id":"","reference_type":"","scores":[{"value":"0.00559","scoring_system":"epss","scoring_elements":"0.68531","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-26651"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651"},{"reference_url":"https://security.gentoo.org/glsa/202412-03","reference_id":"GLSA-202412-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339468?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339476?format=json","purl":"pkg:deb/debian/asterisk@1:18.11.2~dfsg%2B~cs6.10.40431413-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:18.11.2~dfsg%252B~cs6.10.40431413-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2022-26651"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u2qj-jv1z-aubs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53375?format=json","vulnerability_id":"VCID-u3hc-ww2b-rqde","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-26499","reference_id":"","reference_type":"","scores":[{"value":"0.01115","scoring_system":"epss","scoring_elements":"0.785","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-26499"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651"},{"reference_url":"https://security.gentoo.org/glsa/202412-03","reference_id":"GLSA-202412-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339468?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339476?format=json","purl":"pkg:deb/debian/asterisk@1:18.11.2~dfsg%2B~cs6.10.40431413-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:18.11.2~dfsg%252B~cs6.10.40431413-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2022-26499"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u3hc-ww2b-rqde"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71636?format=json","vulnerability_id":"VCID-uk7c-kwvs-r3cw","summary":"buffer overflow","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-7100","reference_id":"","reference_type":"","scores":[{"value":"0.02551","scoring_system":"epss","scoring_elements":"0.85736","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-7100"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7100","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7100"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732355","reference_id":"732355","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732355"},{"reference_url":"https://security.gentoo.org/glsa/201401-15","reference_id":"GLSA-201401-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201401-15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339441?format=json","purl":"pkg:deb/debian/asterisk@1:11.7.0~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:11.7.0~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2013-7100"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uk7c-kwvs-r3cw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/82515?format=json","vulnerability_id":"VCID-urjf-anyp-3qhv","summary":"A Buffer Overflow issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. No size checking is done when setting the user field for Party B on a CDR. Thus, it is possible for someone to use an arbitrarily large string and write past the end of the user field storage buffer. NOTE: this is different from CVE-2017-7617, which was only about the Party A buffer.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16671","reference_id":"","reference_type":"","scores":[{"value":"0.03635","scoring_system":"epss","scoring_elements":"0.88029","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16671"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16671","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16671"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881257","reference_id":"881257","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881257"},{"reference_url":"https://security.gentoo.org/glsa/201811-11","reference_id":"GLSA-201811-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201811-11"},{"reference_url":"https://usn.ubuntu.com/USN-4814-1/","reference_id":"USN-USN-4814-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4814-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339451?format=json","purl":"pkg:deb/debian/asterisk@1:13.18.1~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.18.1~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2017-16671"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-urjf-anyp-3qhv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/89624?format=json","vulnerability_id":"VCID-utdf-kxfn-pka3","summary":"The res_pjsip_pubsub module in Asterisk Open Source 12.x before 12.5.1 allows remote authenticated users to cause a denial of service (crash) via crafted headers in a SIP SUBSCRIBE request for an event package.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-6609","reference_id":"","reference_type":"","scores":[{"value":"0.00988","scoring_system":"epss","scoring_elements":"0.77148","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-6609"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339408?format=json","purl":"pkg:deb/debian/asterisk@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2014-6609"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-utdf-kxfn-pka3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80848?format=json","vulnerability_id":"VCID-varg-6ch8-ebg1","summary":"asterisk allows calls on prohibited networks","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3723","reference_id":"","reference_type":"","scores":[{"value":"0.00653","scoring_system":"epss","scoring_elements":"0.71244","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3723"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3723","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3723"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=552756","reference_id":"552756","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=552756"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339421?format=json","purl":"pkg:deb/debian/asterisk@1:1.6.2.0~rc3-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.6.2.0~rc3-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2009-3723"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-varg-6ch8-ebg1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79141?format=json","vulnerability_id":"VCID-vpmy-6q1h-s3cv","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3008","reference_id":"","reference_type":"","scores":[{"value":"0.39025","scoring_system":"epss","scoring_elements":"0.97342","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3008"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3008","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3008"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2232","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2316","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2316"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7551","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7551"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=782411","reference_id":"782411","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=782411"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339431?format=json","purl":"pkg:deb/debian/asterisk@1:13.7.2~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.7.2~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2015-3008"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vpmy-6q1h-s3cv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61974?format=json","vulnerability_id":"VCID-vq1r-wndd-pkfj","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24763","reference_id":"","reference_type":"","scores":[{"value":"0.01399","scoring_system":"epss","scoring_elements":"0.80726","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014976","reference_id":"1014976","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014976"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998","reference_id":"1014998","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998"},{"reference_url":"https://security.gentoo.org/glsa/202210-37","reference_id":"GLSA-202210-37","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-37"},{"reference_url":"https://usn.ubuntu.com/6422-1/","reference_id":"USN-6422-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6422-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339468?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339475?format=json","purl":"pkg:deb/debian/asterisk@1:18.14.0~~rc1~dfsg%2B~cs6.12.40431414-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:18.14.0~~rc1~dfsg%252B~cs6.12.40431414-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2022-24763"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vq1r-wndd-pkfj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52909?format=json","vulnerability_id":"VCID-w4rq-h2cf-tyd8","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-26717","reference_id":"","reference_type":"","scores":[{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.62292","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-26717"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26717","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26717"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983157","reference_id":"983157","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983157"},{"reference_url":"https://security.gentoo.org/glsa/202412-03","reference_id":"GLSA-202412-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339465?format=json","purl":"pkg:deb/debian/asterisk@1:16.16.1~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.16.1~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2021-26717"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w4rq-h2cf-tyd8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78618?format=json","vulnerability_id":"VCID-wbaw-ad2z-nkbk","summary":"asterisk: Format String Vulnerability in Logger and Manager (AST-2008-004)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1333.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1333.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-1333","reference_id":"","reference_type":"","scores":[{"value":"0.03255","scoring_system":"epss","scoring_elements":"0.87353","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-1333"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1333","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1333"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=438130","reference_id":"438130","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=438130"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339413?format=json","purl":"pkg:deb/debian/asterisk@1:1.4.18.1~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.4.18.1~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2008-1333"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wbaw-ad2z-nkbk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64757?format=json","vulnerability_id":"VCID-wdan-ut8f-xfey","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-26906","reference_id":"","reference_type":"","scores":[{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.7453","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-26906"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26906","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26906"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983159","reference_id":"983159","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983159"},{"reference_url":"https://security.gentoo.org/glsa/202412-03","reference_id":"GLSA-202412-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339465?format=json","purl":"pkg:deb/debian/asterisk@1:16.16.1~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.16.1~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2021-26906"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wdan-ut8f-xfey"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54551?format=json","vulnerability_id":"VCID-wg8m-nzyj-kkgz","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18790","reference_id":"","reference_type":"","scores":[{"value":"0.07372","scoring_system":"epss","scoring_elements":"0.91833","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18790"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947381","reference_id":"947381","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947381"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339460?format=json","purl":"pkg:deb/debian/asterisk@1:16.10.0~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.10.0~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2019-18790"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wg8m-nzyj-kkgz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81518?format=json","vulnerability_id":"VCID-whex-hbuj-97ge","summary":"Double free vulnerability in apps/app_voicemail.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones allows remote authenticated users to cause a denial of service (daemon crash) by establishing multiple voicemail sessions and accessing both the Urgent mailbox and the INBOX mailbox.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3812","reference_id":"","reference_type":"","scores":[{"value":"0.07186","scoring_system":"epss","scoring_elements":"0.91712","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3812"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3812","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3812"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=680470","reference_id":"680470","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=680470"},{"reference_url":"https://security.gentoo.org/glsa/201209-15","reference_id":"GLSA-201209-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201209-15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339436?format=json","purl":"pkg:deb/debian/asterisk@1:1.8.13.1~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.8.13.1~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2012-3812"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-whex-hbuj-97ge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80274?format=json","vulnerability_id":"VCID-wph3-agzg-1yea","summary":"Asterisk 1.2.10 supports the use of client-controlled variables to determine filenames in the Record function, which allows remote attackers to (1) execute code via format string specifiers or (2) overwrite files via directory traversals involving unspecified vectors, as demonstrated by the CALLERIDNAME variable.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2006-4346","reference_id":"","reference_type":"","scores":[{"value":"0.02329","scoring_system":"epss","scoring_elements":"0.85085","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2006-4346"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4346","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4346"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=385060","reference_id":"385060","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=385060"},{"reference_url":"https://security.gentoo.org/glsa/200610-15","reference_id":"GLSA-200610-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200610-15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339395?format=json","purl":"pkg:deb/debian/asterisk@1:1.2.11.dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.2.11.dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2006-4346"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wph3-agzg-1yea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81689?format=json","vulnerability_id":"VCID-wqkn-49r3-zyak","summary":"The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; Asterisk Business Edition (BE) C.3.x before C.3.8.1; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones exhibits different behavior for invalid INVITE, SUBSCRIBE, and REGISTER transactions depending on whether the user account exists, which allows remote attackers to enumerate account names by (1) reading HTTP status codes, (2) reading additional text in a 403 (aka Forbidden) response, or (3) observing whether certain retransmissions occur.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2264","reference_id":"","reference_type":"","scores":[{"value":"0.00171","scoring_system":"epss","scoring_elements":"0.38085","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2264"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2264","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2264"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704114","reference_id":"704114","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704114"},{"reference_url":"https://security.gentoo.org/glsa/201401-15","reference_id":"GLSA-201401-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201401-15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339439?format=json","purl":"pkg:deb/debian/asterisk@1:1.8.13.1~dfsg-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.8.13.1~dfsg-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2013-2264"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wqkn-49r3-zyak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80294?format=json","vulnerability_id":"VCID-wxe5-hd3w-ebay","summary":"Unspecified vulnerability in the SIP channel driver (channels/chan_sip.c) in Asterisk 1.2.x before 1.2.13 and 1.4.x before 1.4.0-beta3 allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors that result in the creation of \"a real pvt structure\" that uses more resources than necessary.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2006-5445","reference_id":"","reference_type":"","scores":[{"value":"0.10034","scoring_system":"epss","scoring_elements":"0.9319","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2006-5445"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5445","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5445"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=395080","reference_id":"395080","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=395080"},{"reference_url":"https://security.gentoo.org/glsa/200610-15","reference_id":"GLSA-200610-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200610-15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339396?format=json","purl":"pkg:deb/debian/asterisk@1:1.2.13~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.2.13~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2006-5445"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wxe5-hd3w-ebay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/73878?format=json","vulnerability_id":"VCID-wzbf-ag2n-8kbw","summary":"Asterisk: SIP responses expose valid usernames (AST-2009-008)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3727.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3727.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3727","reference_id":"","reference_type":"","scores":[{"value":"0.0072","scoring_system":"epss","scoring_elements":"0.72786","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3727"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3727","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3727"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=533137","reference_id":"533137","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=533137"},{"reference_url":"https://security.gentoo.org/glsa/201006-20","reference_id":"GLSA-201006-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201006-20"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339422?format=json","purl":"pkg:deb/debian/asterisk@1:1.6.2.0~rc6-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.6.2.0~rc6-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2009-3727"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wzbf-ag2n-8kbw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64445?format=json","vulnerability_id":"VCID-x142-tqyd-d3a2","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-15297","reference_id":"","reference_type":"","scores":[{"value":"0.01814","scoring_system":"epss","scoring_elements":"0.83157","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-15297"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15297","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15297"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940060","reference_id":"940060","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940060"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339460?format=json","purl":"pkg:deb/debian/asterisk@1:16.10.0~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.10.0~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2019-15297"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x142-tqyd-d3a2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53758?format=json","vulnerability_id":"VCID-x25w-m4wc-f3hx","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35652","reference_id":"","reference_type":"","scores":[{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29705","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35652"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35652","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35652"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979372","reference_id":"979372","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979372"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339464?format=json","purl":"pkg:deb/debian/asterisk@1:16.15.1~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.15.1~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2020-35652"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x25w-m4wc-f3hx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71633?format=json","vulnerability_id":"VCID-x6pd-2arc-gqdq","summary":"HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3389.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3389.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3389","reference_id":"","reference_type":"","scores":[{"value":"0.03832","scoring_system":"epss","scoring_elements":"0.88348","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3389"},{"reference_url":"https://curl.se/docs/CVE-2011-3389.html","reference_id":"","reference_type":"","scores":[{"value":"High","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2011-3389.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=737506","reference_id":"737506","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=737506"},{"reference_url":"https://security.gentoo.org/glsa/201111-02","reference_id":"GLSA-201111-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201111-02"},{"reference_url":"https://security.gentoo.org/glsa/201203-02","reference_id":"GLSA-201203-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201203-02"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://security.gentoo.org/glsa/201406-32","reference_id":"GLSA-201406-32","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201406-32"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1380","reference_id":"RHSA-2011:1380","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1380"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1384","reference_id":"RHSA-2011:1384","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1384"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0006","reference_id":"RHSA-2012:0006","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0006"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0034","reference_id":"RHSA-2012:0034","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0034"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0343","reference_id":"RHSA-2012:0343","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0343"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0508","reference_id":"RHSA-2012:0508","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0508"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1455","reference_id":"RHSA-2013:1455","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1455"},{"reference_url":"https://usn.ubuntu.com/1263-1/","reference_id":"USN-1263-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1263-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339431?format=json","purl":"pkg:deb/debian/asterisk@1:13.7.2~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.7.2~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2011-3389"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x6pd-2arc-gqdq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79142?format=json","vulnerability_id":"VCID-xv18-hdha-abf6","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2232","reference_id":"","reference_type":"","scores":[{"value":"0.07852","scoring_system":"epss","scoring_elements":"0.92118","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3008","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3008"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2232","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2232"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2316","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2316"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7551","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7551"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339431?format=json","purl":"pkg:deb/debian/asterisk@1:13.7.2~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.7.2~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2016-2232"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xv18-hdha-abf6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/86677?format=json","vulnerability_id":"VCID-y2d6-pyca-8fh1","summary":"Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the asterisk/contrib/scripts/ast_coredumper runs as root, as noted by the NOTES tag on line 689 of the ast_coredumper file. The script will source the contents of /etc/asterisk/ast_debug_tools.conf, which resides in a folder that is writeable by the asterisk user:group. Due to the /etc/asterisk/ast_debug_tools.conf file following bash semantics and it being loaded; an attacker with write permissions may add or modify the file such that when the root ast_coredumper is run; it would source and thereby execute arbitrary bash code found in the /etc/asterisk/ast_debug_tools.conf. This issue has been patched in versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23741","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12698","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23741"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23741","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23741"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127438","reference_id":"1127438","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127438"},{"reference_url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-rvch-3jmx-3jf3","reference_id":"GHSA-rvch-3jmx-3jf3","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-06T17:22:49Z/"}],"url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-rvch-3jmx-3jf3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339493?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u9?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u9%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339494?format=json","purl":"pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2026-23741"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y2d6-pyca-8fh1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81146?format=json","vulnerability_id":"VCID-y4c5-z7zt-yuaf","summary":"manager.c in the Manager Interface in Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 does not properly check for the system privilege, which allows remote authenticated users to execute arbitrary commands via an Originate action that has an Async header in conjunction with an Application header.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1599","reference_id":"","reference_type":"","scores":[{"value":"0.00338","scoring_system":"epss","scoring_elements":"0.56843","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1599"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1599","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1599"},{"reference_url":"https://security.gentoo.org/glsa/201110-21","reference_id":"GLSA-201110-21","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201110-21"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339427?format=json","purl":"pkg:deb/debian/asterisk@1:1.8.3.3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.8.3.3-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2011-1599"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y4c5-z7zt-yuaf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/89627?format=json","vulnerability_id":"VCID-y5gf-ck7b-w3dw","summary":"A NULL pointer access issue was discovered in Asterisk 15.x through 15.2.1. The RTP support in Asterisk maintains its own registry of dynamic codecs and desired payload numbers. While an SDP negotiation may result in a codec using a different payload number, these desired ones are still stored internally. When an RTP packet was received, this registry would be consulted if the payload number was not found in the negotiated SDP. This registry was incorrectly consulted for all packets, even those which are dynamic. If the payload number resulted in a codec of a different type than the RTP stream (for example, the payload number resulted in a video codec but the stream carried audio), a crash could occur if no stream of that type had been negotiated. This was due to the code incorrectly assuming that a stream of that type would always exist.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-7285","reference_id":"","reference_type":"","scores":[{"value":"0.00536","scoring_system":"epss","scoring_elements":"0.67751","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-7285"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339408?format=json","purl":"pkg:deb/debian/asterisk@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2018-7285"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y5gf-ck7b-w3dw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81996?format=json","vulnerability_id":"VCID-y93m-uy8a-zbcg","summary":"Asterisk Open Source 12.x before 12.8.1 and 13.x before 13.1.1, when using the PJSIP channel driver, does not properly reclaim RTP ports, which allows remote authenticated users to cause a denial of service (file descriptor consumption) via an SDP offer containing only incompatible codecs.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1558","reference_id":"","reference_type":"","scores":[{"value":"0.15669","scoring_system":"epss","scoring_elements":"0.94813","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1558"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1558","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1558"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780601","reference_id":"780601","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780601"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339446?format=json","purl":"pkg:deb/debian/asterisk@1:13.1.0~dfsg-1.1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.1.0~dfsg-1.1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2015-1558"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y93m-uy8a-zbcg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58596?format=json","vulnerability_id":"VCID-yfkn-8m2a-nqg2","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32558","reference_id":"","reference_type":"","scores":[{"value":"0.02875","scoring_system":"epss","scoring_elements":"0.86522","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32558"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32558","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32558"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32686","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32686"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991710","reference_id":"991710","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991710"},{"reference_url":"https://security.gentoo.org/glsa/202412-03","reference_id":"GLSA-202412-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339466?format=json","purl":"pkg:deb/debian/asterisk@1:16.16.1~dfsg-1%2Bdeb11u1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.16.1~dfsg-1%252Bdeb11u1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339467?format=json","purl":"pkg:deb/debian/asterisk@1:16.16.1~dfsg-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.16.1~dfsg-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2021-32558"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yfkn-8m2a-nqg2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81102?format=json","vulnerability_id":"VCID-yp4v-q2dc-qbca","summary":"Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary code via crafted caller ID data in vectors involving the (1) SIP channel driver, (2) URIENCODE dialplan function, or (3) AGI dialplan function.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0495","reference_id":"","reference_type":"","scores":[{"value":"0.00573","scoring_system":"epss","scoring_elements":"0.69024","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0495"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0495","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0495"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610487","reference_id":"610487","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610487"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339426?format=json","purl":"pkg:deb/debian/asterisk@1:1.6.2.9-2%2Bsqueeze1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.6.2.9-2%252Bsqueeze1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2011-0495"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yp4v-q2dc-qbca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59100?format=json","vulnerability_id":"VCID-yuh9-m3ye-sfg7","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31031","reference_id":"","reference_type":"","scores":[{"value":"0.00721","scoring_system":"epss","scoring_elements":"0.72809","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31031"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1017004","reference_id":"1017004","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1017004"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1017005","reference_id":"1017005","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1017005"},{"reference_url":"https://github.com/pjsip/pjproject/commit/450baca94f475345542c6953832650c390889202","reference_id":"450baca94f475345542c6953832650c390889202","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:49:22Z/"}],"url":"https://github.com/pjsip/pjproject/commit/450baca94f475345542c6953832650c390889202"},{"reference_url":"https://www.debian.org/security/2023/dsa-5358","reference_id":"dsa-5358","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:49:22Z/"}],"url":"https://www.debian.org/security/2023/dsa-5358"},{"reference_url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-26j7-ww69-c4qj","reference_id":"GHSA-26j7-ww69-c4qj","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:49:22Z/"}],"url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-26j7-ww69-c4qj"},{"reference_url":"https://security.gentoo.org/glsa/202210-37","reference_id":"GLSA-202210-37","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:49:22Z/"}],"url":"https://security.gentoo.org/glsa/202210-37"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html","reference_id":"msg00029.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:49:22Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html","reference_id":"msg00038.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:49:22Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html"},{"reference_url":"https://usn.ubuntu.com/6422-1/","reference_id":"USN-6422-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6422-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339473?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339477?format=json","purl":"pkg:deb/debian/asterisk@1:20.0.1~dfsg%2B~cs6.12.40431414-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:20.0.1~dfsg%252B~cs6.12.40431414-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2022-31031"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yuh9-m3ye-sfg7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71285?format=json","vulnerability_id":"VCID-yy9w-2fwe-jfd8","summary":"several","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-5641","reference_id":"","reference_type":"","scores":[{"value":"0.04098","scoring_system":"epss","scoring_elements":"0.88772","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-5641"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5641","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5641"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5642","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5642"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721220","reference_id":"721220","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721220"},{"reference_url":"https://security.gentoo.org/glsa/201401-15","reference_id":"GLSA-201401-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201401-15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339440?format=json","purl":"pkg:deb/debian/asterisk@1:11.5.1~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:11.5.1~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2013-5641"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yy9w-2fwe-jfd8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57046?format=json","vulnerability_id":"VCID-yycn-x9w8-wkhc","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19278","reference_id":"","reference_type":"","scores":[{"value":"0.03169","scoring_system":"epss","scoring_elements":"0.87153","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19278"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339408?format=json","purl":"pkg:deb/debian/asterisk@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2018-19278"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yycn-x9w8-wkhc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56034?format=json","vulnerability_id":"VCID-yzr5-f8ep-zqe2","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23608","reference_id":"","reference_type":"","scores":[{"value":"0.00784","scoring_system":"epss","scoring_elements":"0.74063","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651"},{"reference_url":"http://seclists.org/fulldisclosure/2022/Mar/1","reference_id":"1","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:53Z/"}],"url":"http://seclists.org/fulldisclosure/2022/Mar/1"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998","reference_id":"1014998","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998"},{"reference_url":"http://packetstormsecurity.com/files/166226/Asterisk-Project-Security-Advisory-AST-2022-005.html","reference_id":"Asterisk-Project-Security-Advisory-AST-2022-005.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:53Z/"}],"url":"http://packetstormsecurity.com/files/166226/Asterisk-Project-Security-Advisory-AST-2022-005.html"},{"reference_url":"https://github.com/pjsip/pjproject/commit/db3235953baa56d2fb0e276ca510fefca751643f","reference_id":"db3235953baa56d2fb0e276ca510fefca751643f","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:53Z/"}],"url":"https://github.com/pjsip/pjproject/commit/db3235953baa56d2fb0e276ca510fefca751643f"},{"reference_url":"https://www.debian.org/security/2022/dsa-5285","reference_id":"dsa-5285","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:53Z/"}],"url":"https://www.debian.org/security/2022/dsa-5285"},{"reference_url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-ffff-m5fm-qm62","reference_id":"GHSA-ffff-m5fm-qm62","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:53Z/"}],"url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-ffff-m5fm-qm62"},{"reference_url":"https://security.gentoo.org/glsa/202210-37","reference_id":"GLSA-202210-37","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:53Z/"}],"url":"https://security.gentoo.org/glsa/202210-37"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html","reference_id":"msg00021.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:53Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html","reference_id":"msg00035.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:53Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html","reference_id":"msg00038.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:53Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00040.html","reference_id":"msg00040.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:53Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00040.html"},{"reference_url":"https://usn.ubuntu.com/6422-1/","reference_id":"USN-6422-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6422-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339468?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339469?format=json","purl":"pkg:deb/debian/asterisk@1:18.10.1~dfsg%2B~cs6.10.40431411-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:18.10.1~dfsg%252B~cs6.10.40431411-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2022-23608"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yzr5-f8ep-zqe2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81590?format=json","vulnerability_id":"VCID-z4g1-1f71-g3dy","summary":"Multiple stack consumption vulnerabilities in Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones allow remote attackers to cause a denial of service (daemon crash) via TCP data using the (1) SIP, (2) HTTP, or (3) XMPP protocol.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5976","reference_id":"","reference_type":"","scores":[{"value":"0.29742","scoring_system":"epss","scoring_elements":"0.96714","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5976"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5976","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5976"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697230","reference_id":"697230","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697230"},{"reference_url":"https://security.gentoo.org/glsa/201401-15","reference_id":"GLSA-201401-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201401-15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339439?format=json","purl":"pkg:deb/debian/asterisk@1:1.8.13.1~dfsg-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.8.13.1~dfsg-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2012-5976"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z4g1-1f71-g3dy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81905?format=json","vulnerability_id":"VCID-z7b5-c8qs-tygn","summary":"Race condition in the chan_pjsip channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 allows remote attackers to cause a denial of service (assertion failure and crash) via a cancel request for a SIP session with a queued action to (1) answer a session or (2) send ringing.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8415","reference_id":"","reference_type":"","scores":[{"value":"0.0113","scoring_system":"epss","scoring_elements":"0.78623","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8415"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8415","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8415"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339445?format=json","purl":"pkg:deb/debian/asterisk@1:13.1.0~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.1.0~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2014-8415"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z7b5-c8qs-tygn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78617?format=json","vulnerability_id":"VCID-z7x2-p7cn-t3h5","summary":"asterisk: Unauthenticated calls allowed from SIP channel driver (AST-2008-003)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1332.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1332.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-1332","reference_id":"","reference_type":"","scores":[{"value":"0.01213","scoring_system":"epss","scoring_elements":"0.79299","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-1332"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1332","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1332"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=438129","reference_id":"438129","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=438129"},{"reference_url":"https://security.gentoo.org/glsa/200804-13","reference_id":"GLSA-200804-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200804-13"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339413?format=json","purl":"pkg:deb/debian/asterisk@1:1.4.18.1~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.4.18.1~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2008-1332"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z7x2-p7cn-t3h5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80919?format=json","vulnerability_id":"VCID-zctx-7u3f-zuhd","summary":"main/acl.c in Asterisk Open Source 1.6.0.x before 1.6.0.25, 1.6.1.x before 1.6.1.17, and 1.6.2.x before 1.6.2.5 does not properly enforce remote host access controls when CIDR notation \"/0\" is used in permit= and deny= configuration rules, which causes an improper arithmetic shift and might allow remote attackers to bypass ACL rules and access services from unauthorized hosts.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1224","reference_id":"","reference_type":"","scores":[{"value":"0.01","scoring_system":"epss","scoring_elements":"0.77291","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1224"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1224","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1224"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=576560","reference_id":"576560","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=576560"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339425?format=json","purl":"pkg:deb/debian/asterisk@1:1.6.2.6-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.6.2.6-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2010-1224"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zctx-7u3f-zuhd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/73515?format=json","vulnerability_id":"VCID-ze9e-6eex-xuer","summary":"Asterisk: Remote DoS via specially-crafted FaxMaxDatagram SDP packets (AST-2010-001)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0441.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0441.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0441","reference_id":"","reference_type":"","scores":[{"value":"0.03526","scoring_system":"epss","scoring_elements":"0.87852","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0441"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0441","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0441"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=561332","reference_id":"561332","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=561332"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339424?format=json","purl":"pkg:deb/debian/asterisk@1:1.6.2.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.6.2.2-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2010-0441"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ze9e-6eex-xuer"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/89621?format=json","vulnerability_id":"VCID-zm66-9m5e-2bem","summary":"chan_skinny.c in the Skinny (aka SCCP) channel driver in Asterisk Open Source 10.x before 10.5.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by sending a Station Key Pad Button message and closing a connection in off-hook mode, a related issue to CVE-2012-2948.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3553","reference_id":"","reference_type":"","scores":[{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21271","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3553"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339408?format=json","purl":"pkg:deb/debian/asterisk@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2012-3553"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zm66-9m5e-2bem"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80488?format=json","vulnerability_id":"VCID-zr5f-baa7-h3h1","summary":"The IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted (1) LAGRQ or (2) LAGRP frame that contains information elements of IAX frames, which results in a NULL pointer dereference when Asterisk does not properly set an associated variable.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-3763","reference_id":"","reference_type":"","scores":[{"value":"0.25182","scoring_system":"epss","scoring_elements":"0.96282","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-3763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3763"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/4249.rb","reference_id":"CVE-2007-3763","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/4249.rb"},{"reference_url":"https://security.gentoo.org/glsa/200802-11","reference_id":"GLSA-200802-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200802-11"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339404?format=json","purl":"pkg:deb/debian/asterisk@1:1.4.8~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.4.8~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2007-3763"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zr5f-baa7-h3h1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81903?format=json","vulnerability_id":"VCID-zrcm-vdc5-bffj","summary":"The res_pjsip_acl module in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 does not properly create and load ACLs defined in pjsip.conf at startup, which allows remote attackers to bypass intended PJSIP ACL rules.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8413","reference_id":"","reference_type":"","scores":[{"value":"0.00302","scoring_system":"epss","scoring_elements":"0.5377","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8413"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8413","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8413"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339445?format=json","purl":"pkg:deb/debian/asterisk@1:13.1.0~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.1.0~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2014-8413"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zrcm-vdc5-bffj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80506?format=json","vulnerability_id":"VCID-zta3-e3f4-2qau","summary":"The IAX2 channel driver (chan_iax2) in Asterisk Open 1.2.x before 1.2.23, 1.4.x before 1.4.9, and Asterisk Appliance Developer Kit before 0.6.0, when configured to allow unauthenticated calls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of calls that do not complete a 3-way handshake, which causes an ast_channel to be allocated but not released.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-4103","reference_id":"","reference_type":"","scores":[{"value":"0.02623","scoring_system":"epss","scoring_elements":"0.85918","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-4103"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4103","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4103"},{"reference_url":"https://security.gentoo.org/glsa/200802-11","reference_id":"GLSA-200802-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200802-11"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339405?format=json","purl":"pkg:deb/debian/asterisk@1:1.4.9~dfsg-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.4.9~dfsg-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2007-4103"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zta3-e3f4-2qau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61660?format=json","vulnerability_id":"VCID-zvqd-1d24-jqa6","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38703","reference_id":"","reference_type":"","scores":[{"value":"0.0028","scoring_system":"epss","scoring_elements":"0.51629","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38703"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37457","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37457"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38703","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38703"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49294","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49294"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49786"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059303","reference_id":"1059303","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059303"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059307","reference_id":"1059307","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059307"},{"reference_url":"https://github.com/pjsip/pjproject/commit/6dc9b8c181aff39845f02b4626e0812820d4ef0d","reference_id":"6dc9b8c181aff39845f02b4626e0812820d4ef0d","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-19T18:46:16Z/"}],"url":"https://github.com/pjsip/pjproject/commit/6dc9b8c181aff39845f02b4626e0812820d4ef0d"},{"reference_url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-f76w-fh7c-pc66","reference_id":"GHSA-f76w-fh7c-pc66","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-19T18:46:16Z/"}],"url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-f76w-fh7c-pc66"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html","reference_id":"msg00019.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-19T18:46:16Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/339387?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gh5j-yza2-v3fu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339480?format=json","purl":"pkg:deb/debian/asterisk@1:20.8.1~dfsg%2B~cs6.14.40431414-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:20.8.1~dfsg%252B~cs6.14.40431414-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/339389?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2023-38703"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zvqd-1d24-jqa6"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"}