Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/asterisk@20.5.1-r0?arch=armv7&distroversion=v3.22&reponame=main

Type apk

Namespace alpine

Name asterisk

Version 20.5.1-r0

Qualifiers

arch	armv7
distroversion	v3.22
reponame	main

Subpath

Is_vulnerable false

Next_non_vulnerable_version 20.8.1-r0

Latest_non_vulnerable_version 20.11.1-r0

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-drvj-6p87-rqcn

vulnerability_id VCID-drvj-6p87-rqcn

summary Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the 'update' functionality is not used the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-37457

reference_id

reference_type

scores

value	0.00074
scoring_system	epss
scoring_elements	0.22423
published_at	2026-06-05T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.2241
published_at	2026-06-06T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22361
published_at	2026-06-07T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22308
published_at	2026-06-08T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22323
published_at	2026-06-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-37457

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37457
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37457

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38703
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38703

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49294
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49294

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49786
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49786

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059303
reference_id	1059303
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059303

reference_url	https://security.gentoo.org/glsa/202412-03
reference_id	GLSA-202412-03
reference_type
scores
url	https://security.gentoo.org/glsa/202412-03

fixed_packages

url	pkg:apk/alpine/asterisk@20.5.1-r0?arch=armv7&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/asterisk@20.5.1-r0?arch=armv7&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/asterisk@20.5.1-r0%3Farch=armv7&distroversion=v3.22&reponame=main

aliases CVE-2023-37457

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-drvj-6p87-rqcn

url VCID-n51b-qqvd-j3h8

vulnerability_id VCID-n51b-qqvd-j3h8

summary Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP. Commit d7d7764cb07c8a1872804321302ef93bf62cba05 contains a fix, which is part of versions 18.20.1, 20.5.1, 21.0.1, amd 18.9-cert6.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-49786

reference_id

reference_type

scores

value	0.00077
scoring_system	epss
scoring_elements	0.22962
published_at	2026-06-09T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.23071
published_at	2026-06-05T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.23058
published_at	2026-06-06T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.23013
published_at	2026-06-07T12:55:00Z

value	0.00077
scoring_system	epss
scoring_elements	0.22959
published_at	2026-06-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-49786

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37457
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37457

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38703
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38703

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49294
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49294

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49786
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49786

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059033
reference_id	1059033
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059033

reference_url

http://seclists.org/fulldisclosure/2023/Dec/24

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:19:55Z/

url

http://seclists.org/fulldisclosure/2023/Dec/24

reference_url

http://www.openwall.com/lists/oss-security/2023/12/15/7

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:19:55Z/

url

http://www.openwall.com/lists/oss-security/2023/12/15/7

reference_url

http://packetstormsecurity.com/files/176251/Asterisk-20.1.0-Denial-Of-Service.html

reference_id

Asterisk-20.1.0-Denial-Of-Service.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:19:55Z/

url

http://packetstormsecurity.com/files/176251/Asterisk-20.1.0-Denial-Of-Service.html

reference_url

https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05

reference_id

d7d7764cb07c8a1872804321302ef93bf62cba05

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:19:55Z/

url

https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05

reference_url

https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race

reference_id

ES2023-01-asterisk-dtls-hello-race

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:19:55Z/

url

https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race

reference_url

https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq

reference_id

GHSA-hxj9-xwr8-w8pq

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:19:55Z/

url

https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq

reference_url	https://security.gentoo.org/glsa/202412-03
reference_id	GLSA-202412-03
reference_type
scores
url	https://security.gentoo.org/glsa/202412-03

reference_url

https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html

reference_id

msg00019.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:19:55Z/

url

https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html

fixed_packages

url	pkg:apk/alpine/asterisk@20.5.1-r0?arch=armv7&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/asterisk@20.5.1-r0?arch=armv7&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/asterisk@20.5.1-r0%3Farch=armv7&distroversion=v3.22&reponame=main

aliases CVE-2023-49786

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n51b-qqvd-j3h8

url VCID-ru68-dmrf-bfbx

vulnerability_id VCID-ru68-dmrf-bfbx

summary Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-49294

reference_id

reference_type

scores

value	0.17085
scoring_system	epss
scoring_elements	0.9513
published_at	2026-06-06T12:55:00Z

value	0.17085
scoring_system	epss
scoring_elements	0.95132
published_at	2026-06-07T12:55:00Z

value	0.17085
scoring_system	epss
scoring_elements	0.95131
published_at	2026-06-08T12:55:00Z

value	0.17085
scoring_system	epss
scoring_elements	0.95136
published_at	2026-06-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-49294

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37457
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37457

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38703
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38703

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49294
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49294

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49786
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49786

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059032
reference_id	1059032
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059032

reference_url	https://security.gentoo.org/glsa/202412-03
reference_id	GLSA-202412-03
reference_type
scores
url	https://security.gentoo.org/glsa/202412-03

fixed_packages

url	pkg:apk/alpine/asterisk@20.5.1-r0?arch=armv7&distroversion=v3.22&reponame=main
purl	pkg:apk/alpine/asterisk@20.5.1-r0?arch=armv7&distroversion=v3.22&reponame=main
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/asterisk@20.5.1-r0%3Farch=armv7&distroversion=v3.22&reponame=main

aliases CVE-2023-49294

risk_score 0.1

exploitability 0.5

weighted_severity 0.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ru68-dmrf-bfbx

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/asterisk@20.5.1-r0%3Farch=armv7&distroversion=v3.22&reponame=main

Package Instance