{"url":"http://public2.vulnerablecode.io/api/packages/501255?format=json","purl":"pkg:apk/alpine/asterisk@18.2.1-r0?arch=riscv64&distroversion=v3.21&reponame=main","type":"apk","namespace":"alpine","name":"asterisk","version":"18.2.1-r0","qualifiers":{"arch":"riscv64","distroversion":"v3.21","reponame":"main"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"18.2.2-r2","latest_non_vulnerable_version":"20.11.1-r0","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59047?format=json","vulnerability_id":"VCID-13m8-y787-fqb7","summary":"An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6. When re-negotiating for T.38, if the initial remote response was delayed just enough, Asterisk would send both audio and T.38 in the SDP. If this happened, and the remote responded with a declined T.38 stream, then Asterisk would crash.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-26717","reference_id":"","reference_type":"","scores":[{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.62346","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.62392","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.624","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.6239","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.62375","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.62389","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-26717"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26717","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26717"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983157","reference_id":"983157","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983157"},{"reference_url":"https://security.gentoo.org/glsa/202412-03","reference_id":"GLSA-202412-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/501255?format=json","purl":"pkg:apk/alpine/asterisk@18.2.1-r0?arch=riscv64&distroversion=v3.21&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/asterisk@18.2.1-r0%3Farch=riscv64&distroversion=v3.21&reponame=main"}],"aliases":["CVE-2021-26717"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-13m8-y787-fqb7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59045?format=json","vulnerability_id":"VCID-rrat-247u-fybt","summary":"Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated attacker to prematurely terminate secure calls by replaying SRTP packets.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-26712","reference_id":"","reference_type":"","scores":[{"value":"0.02188","scoring_system":"epss","scoring_elements":"0.84687","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02188","scoring_system":"epss","scoring_elements":"0.84711","published_at":"2026-06-09T12:55:00Z"},{"value":"0.02188","scoring_system":"epss","scoring_elements":"0.84715","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02188","scoring_system":"epss","scoring_elements":"0.84709","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02188","scoring_system":"epss","scoring_elements":"0.84697","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-26712"},{"reference_url":"https://security.gentoo.org/glsa/202412-03","reference_id":"GLSA-202412-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/501255?format=json","purl":"pkg:apk/alpine/asterisk@18.2.1-r0?arch=riscv64&distroversion=v3.21&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/asterisk@18.2.1-r0%3Farch=riscv64&distroversion=v3.21&reponame=main"}],"aliases":["CVE-2021-26712"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rrat-247u-fybt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59046?format=json","vulnerability_id":"VCID-vdc7-yt4d-ayb2","summary":"A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6 allows an authenticated WebRTC client to cause an Asterisk crash by sending multiple hold/unhold requests in quick succession. This is caused by a signedness comparison mismatch.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-26713","reference_id":"","reference_type":"","scores":[{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.31692","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.31762","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.31728","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.3169","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.31657","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.31682","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-26713"},{"reference_url":"https://security.gentoo.org/glsa/202412-03","reference_id":"GLSA-202412-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/501255?format=json","purl":"pkg:apk/alpine/asterisk@18.2.1-r0?arch=riscv64&distroversion=v3.21&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/asterisk@18.2.1-r0%3Farch=riscv64&distroversion=v3.21&reponame=main"}],"aliases":["CVE-2021-26713"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vdc7-yt4d-ayb2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59050?format=json","vulnerability_id":"VCID-zk2p-hxmz-yqhb","summary":"An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through 16.8-cert5. An SDP negotiation vulnerability in PJSIP allows a remote server to potentially crash Asterisk by sending specific SIP responses that cause an SDP negotiation failure.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-26906","reference_id":"","reference_type":"","scores":[{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74587","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74618","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74624","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74612","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74595","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74621","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-26906"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26906","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26906"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983159","reference_id":"983159","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983159"},{"reference_url":"https://security.gentoo.org/glsa/202412-03","reference_id":"GLSA-202412-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/501255?format=json","purl":"pkg:apk/alpine/asterisk@18.2.1-r0?arch=riscv64&distroversion=v3.21&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/asterisk@18.2.1-r0%3Farch=riscv64&distroversion=v3.21&reponame=main"}],"aliases":["CVE-2021-26906"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zk2p-hxmz-yqhb"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/asterisk@18.2.1-r0%3Farch=riscv64&distroversion=v3.21&reponame=main"}