Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/asterisk@18.20.2-r0?arch=x86&distroversion=v3.16&reponame=main
Type apk
Namespace alpine
Name asterisk
Version 18.20.2-r0
Qualifiers
arch x86
distroversion v3.16
reponame main
Subpath
Is_vulnerable false
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-8t63-f1tx-7bdy
vulnerability_id VCID-8t63-f1tx-7bdy
summary An issue was discovered in Sangoma Asterisk through 16.28, 17 and 18 through 18.14, 19 through 19.6, and certified through 18.9-cert1. GetConfig, via Asterisk Manager Interface, allows a connected application to access files outside of the asterisk configuration directory, aka Directory Traversal.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-42706
reference_id
reference_type
scores
0
value 0.0081
scoring_system epss
scoring_elements 0.74583
published_at 2026-06-04T12:55:00Z
1
value 0.0081
scoring_system epss
scoring_elements 0.74615
published_at 2026-06-05T12:55:00Z
2
value 0.0081
scoring_system epss
scoring_elements 0.7462
published_at 2026-06-06T12:55:00Z
3
value 0.0081
scoring_system epss
scoring_elements 0.74609
published_at 2026-06-07T12:55:00Z
4
value 0.0081
scoring_system epss
scoring_elements 0.74591
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-42706
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706
9
reference_url https://downloads.asterisk.org/pub/security/AST-2022-009.html
reference_id AST-2022-009.html
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:23:22Z/
url https://downloads.asterisk.org/pub/security/AST-2022-009.html
10
reference_url https://www.debian.org/security/2023/dsa-5358
reference_id dsa-5358
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:23:22Z/
url https://www.debian.org/security/2023/dsa-5358
11
reference_url https://security.gentoo.org/glsa/202412-03
reference_id GLSA-202412-03
reference_type
scores
url https://security.gentoo.org/glsa/202412-03
12
reference_url https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html
reference_id msg00029.html
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:23:22Z/
url https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html
fixed_packages
0
url pkg:apk/alpine/asterisk@18.20.2-r0?arch=x86&distroversion=v3.16&reponame=main
purl pkg:apk/alpine/asterisk@18.20.2-r0?arch=x86&distroversion=v3.16&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/asterisk@18.20.2-r0%3Farch=x86&distroversion=v3.16&reponame=main
aliases CVE-2022-42706
risk_score 2.2
exploitability 0.5
weighted_severity 4.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8t63-f1tx-7bdy
1
url VCID-a2r2-kh13-y7cr
vulnerability_id VCID-a2r2-kh13-y7cr
summary A use-after-free in res_pjsip_pubsub.c in Sangoma Asterisk 16.28, 18.14, 19.6, and certified/18.9-cert2 may allow a remote authenticated attacker to crash Asterisk (denial of service) by performing activity on a subscription via a reliable transport at the same time that Asterisk is also performing activity on that subscription.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-42705
reference_id
reference_type
scores
0
value 0.01516
scoring_system epss
scoring_elements 0.81552
published_at 2026-06-04T12:55:00Z
1
value 0.01516
scoring_system epss
scoring_elements 0.81581
published_at 2026-06-05T12:55:00Z
2
value 0.01516
scoring_system epss
scoring_elements 0.81583
published_at 2026-06-06T12:55:00Z
3
value 0.01516
scoring_system epss
scoring_elements 0.81582
published_at 2026-06-07T12:55:00Z
4
value 0.01516
scoring_system epss
scoring_elements 0.81575
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-42705
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706
9
reference_url https://downloads.asterisk.org/pub/security/AST-2022-008.html
reference_id AST-2022-008.html
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:25:02Z/
url https://downloads.asterisk.org/pub/security/AST-2022-008.html
10
reference_url https://www.debian.org/security/2023/dsa-5358
reference_id dsa-5358
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:25:02Z/
url https://www.debian.org/security/2023/dsa-5358
11
reference_url https://security.gentoo.org/glsa/202412-03
reference_id GLSA-202412-03
reference_type
scores
url https://security.gentoo.org/glsa/202412-03
12
reference_url https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html
reference_id msg00029.html
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:25:02Z/
url https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html
fixed_packages
0
url pkg:apk/alpine/asterisk@18.20.2-r0?arch=x86&distroversion=v3.16&reponame=main
purl pkg:apk/alpine/asterisk@18.20.2-r0?arch=x86&distroversion=v3.16&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/asterisk@18.20.2-r0%3Farch=x86&distroversion=v3.16&reponame=main
aliases CVE-2022-42705
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a2r2-kh13-y7cr
2
url VCID-drvj-6p87-rqcn
vulnerability_id VCID-drvj-6p87-rqcn
summary Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as certified-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the 'update' functionality is not used the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-37457
reference_id
reference_type
scores
0
value 0.00074
scoring_system epss
scoring_elements 0.22423
published_at 2026-06-05T12:55:00Z
1
value 0.00074
scoring_system epss
scoring_elements 0.2241
published_at 2026-06-06T12:55:00Z
2
value 0.00074
scoring_system epss
scoring_elements 0.22361
published_at 2026-06-07T12:55:00Z
3
value 0.00074
scoring_system epss
scoring_elements 0.22308
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-37457
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37457
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37457
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38703
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38703
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49294
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49294
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49786
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49786
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059303
reference_id 1059303
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059303
6
reference_url https://security.gentoo.org/glsa/202412-03
reference_id GLSA-202412-03
reference_type
scores
url https://security.gentoo.org/glsa/202412-03
fixed_packages
0
url pkg:apk/alpine/asterisk@18.20.2-r0?arch=x86&distroversion=v3.16&reponame=main
purl pkg:apk/alpine/asterisk@18.20.2-r0?arch=x86&distroversion=v3.16&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/asterisk@18.20.2-r0%3Farch=x86&distroversion=v3.16&reponame=main
aliases CVE-2023-37457
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-drvj-6p87-rqcn
3
url VCID-ky73-mqpf-97gy
vulnerability_id VCID-ky73-mqpf-97gy
summary PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Buffer overread is possible when parsing a specially crafted STUN message with unknown attribute. The vulnerability affects applications that use STUN including PJNATH and PJSUA-LIB. The patch is available as a commit in the master branch (2.13.1).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-23537
reference_id
reference_type
scores
0
value 0.00422
scoring_system epss
scoring_elements 0.62372
published_at 2026-06-04T12:55:00Z
1
value 0.00422
scoring_system epss
scoring_elements 0.62419
published_at 2026-06-05T12:55:00Z
2
value 0.00422
scoring_system epss
scoring_elements 0.62427
published_at 2026-06-06T12:55:00Z
3
value 0.00422
scoring_system epss
scoring_elements 0.62417
published_at 2026-06-07T12:55:00Z
4
value 0.00422
scoring_system epss
scoring_elements 0.62402
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-23537
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032092
reference_id 1032092
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032092
10
reference_url https://github.com/pjsip/pjproject/commit/d8440f4d711a654b511f50f79c0445b26f9dd1e1
reference_id d8440f4d711a654b511f50f79c0445b26f9dd1e1
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:52:00Z/
url https://github.com/pjsip/pjproject/commit/d8440f4d711a654b511f50f79c0445b26f9dd1e1
11
reference_url https://github.com/pjsip/pjproject/security/advisories/GHSA-9pfh-r8x4-w26w
reference_id GHSA-9pfh-r8x4-w26w
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:52:00Z/
url https://github.com/pjsip/pjproject/security/advisories/GHSA-9pfh-r8x4-w26w
12
reference_url https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html
reference_id msg00038.html
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:52:00Z/
url https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html
13
reference_url https://usn.ubuntu.com/6422-1/
reference_id USN-6422-1
reference_type
scores
url https://usn.ubuntu.com/6422-1/
fixed_packages
0
url pkg:apk/alpine/asterisk@18.20.2-r0?arch=x86&distroversion=v3.16&reponame=main
purl pkg:apk/alpine/asterisk@18.20.2-r0?arch=x86&distroversion=v3.16&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/asterisk@18.20.2-r0%3Farch=x86&distroversion=v3.16&reponame=main
aliases CVE-2022-23537
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ky73-mqpf-97gy
4
url VCID-n51b-qqvd-j3h8
vulnerability_id VCID-n51b-qqvd-j3h8
summary Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP. Commit d7d7764cb07c8a1872804321302ef93bf62cba05 contains a fix, which is part of versions 18.20.1, 20.5.1, 21.0.1, and 18.9-cert6.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-49786
reference_id
reference_type
scores
0
value 0.00077
scoring_system epss
scoring_elements 0.22959
published_at 2026-06-08T12:55:00Z
1
value 0.00077
scoring_system epss
scoring_elements 0.23071
published_at 2026-06-05T12:55:00Z
2
value 0.00077
scoring_system epss
scoring_elements 0.23058
published_at 2026-06-06T12:55:00Z
3
value 0.00077
scoring_system epss
scoring_elements 0.23013
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-49786
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37457
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37457
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38703
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38703
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49294
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49294
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49786
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49786
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059033
reference_id 1059033
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059033
6
reference_url http://seclists.org/fulldisclosure/2023/Dec/24
reference_id 24
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:19:55Z/
url http://seclists.org/fulldisclosure/2023/Dec/24
7
reference_url http://www.openwall.com/lists/oss-security/2023/12/15/7
reference_id 7
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:19:55Z/
url http://www.openwall.com/lists/oss-security/2023/12/15/7
8
reference_url http://packetstormsecurity.com/files/176251/Asterisk-20.1.0-Denial-Of-Service.html
reference_id Asterisk-20.1.0-Denial-Of-Service.html
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:19:55Z/
url http://packetstormsecurity.com/files/176251/Asterisk-20.1.0-Denial-Of-Service.html
9
reference_url https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05
reference_id d7d7764cb07c8a1872804321302ef93bf62cba05
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:19:55Z/
url https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05
10
reference_url https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race
reference_id ES2023-01-asterisk-dtls-hello-race
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:19:55Z/
url https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race
11
reference_url https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq
reference_id GHSA-hxj9-xwr8-w8pq
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:19:55Z/
url https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq
12
reference_url https://security.gentoo.org/glsa/202412-03
reference_id GLSA-202412-03
reference_type
scores
url https://security.gentoo.org/glsa/202412-03
13
reference_url https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html
reference_id msg00019.html
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:19:55Z/
url https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html
fixed_packages
0
url pkg:apk/alpine/asterisk@18.20.2-r0?arch=x86&distroversion=v3.16&reponame=main
purl pkg:apk/alpine/asterisk@18.20.2-r0?arch=x86&distroversion=v3.16&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/asterisk@18.20.2-r0%3Farch=x86&distroversion=v3.16&reponame=main
aliases CVE-2023-49786
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n51b-qqvd-j3h8
5
url VCID-ru68-dmrf-bfbx
vulnerability_id VCID-ru68-dmrf-bfbx
summary Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-49294
reference_id
reference_type
scores
0
value 0.17085
scoring_system epss
scoring_elements 0.9513
published_at 2026-06-06T12:55:00Z
1
value 0.17085
scoring_system epss
scoring_elements 0.95132
published_at 2026-06-07T12:55:00Z
2
value 0.17085
scoring_system epss
scoring_elements 0.95131
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-49294
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37457
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37457
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38703
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38703
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49294
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49294
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49786
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49786
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059032
reference_id 1059032
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059032
6
reference_url https://security.gentoo.org/glsa/202412-03
reference_id GLSA-202412-03
reference_type
scores
url https://security.gentoo.org/glsa/202412-03
fixed_packages
0
url pkg:apk/alpine/asterisk@18.20.2-r0?arch=x86&distroversion=v3.16&reponame=main
purl pkg:apk/alpine/asterisk@18.20.2-r0?arch=x86&distroversion=v3.16&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/asterisk@18.20.2-r0%3Farch=x86&distroversion=v3.16&reponame=main
aliases CVE-2023-49294
risk_score 0.1
exploitability 0.5
weighted_severity 0.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ru68-dmrf-bfbx
6
url VCID-t6xj-x5br-c3cj
vulnerability_id VCID-t6xj-x5br-c3cj
summary In Sangoma Asterisk through 16.28.0, 17.x and 18.x through 18.14.0, and 19.x through 19.6.0, an incoming Setup message to addons/ooh323c/src/ooq931.c with a malformed Calling or Called Party IE can cause a crash.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-37325
reference_id
reference_type
scores
0
value 0.0068
scoring_system epss
scoring_elements 0.71989
published_at 2026-06-04T12:55:00Z
1
value 0.0068
scoring_system epss
scoring_elements 0.72029
published_at 2026-06-05T12:55:00Z
2
value 0.0068
scoring_system epss
scoring_elements 0.72037
published_at 2026-06-06T12:55:00Z
3
value 0.0068
scoring_system epss
scoring_elements 0.72014
published_at 2026-06-07T12:55:00Z
4
value 0.0068
scoring_system epss
scoring_elements 0.72001
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-37325
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706
9
reference_url https://downloads.asterisk.org/pub/security/AST-2022-007.html
reference_id AST-2022-007.html
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:38:25Z/
url https://downloads.asterisk.org/pub/security/AST-2022-007.html
10
reference_url https://www.debian.org/security/2023/dsa-5358
reference_id dsa-5358
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:38:25Z/
url https://www.debian.org/security/2023/dsa-5358
11
reference_url https://security.gentoo.org/glsa/202412-03
reference_id GLSA-202412-03
reference_type
scores
url https://security.gentoo.org/glsa/202412-03
12
reference_url https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html
reference_id msg00029.html
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:38:25Z/
url https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html
fixed_packages
0
url pkg:apk/alpine/asterisk@18.20.2-r0?arch=x86&distroversion=v3.16&reponame=main
purl pkg:apk/alpine/asterisk@18.20.2-r0?arch=x86&distroversion=v3.16&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/asterisk@18.20.2-r0%3Farch=x86&distroversion=v3.16&reponame=main
aliases CVE-2022-37325
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t6xj-x5br-c3cj
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/asterisk@18.20.2-r0%3Farch=x86&distroversion=v3.16&reponame=main