{"url":"http://public2.vulnerablecode.io/api/packages/516631?format=json","purl":"pkg:deb/debian/asterisk@1:16.2.1~dfsg-1%2Bdeb10u2","type":"deb","namespace":"debian","name":"asterisk","version":"1:16.2.1~dfsg-1+deb10u2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1:22.9.0+dfsg+~cs6.16.60671434-1","latest_non_vulnerable_version":"1:22.9.0+dfsg+~cs6.16.60671434-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59047?format=json","vulnerability_id":"VCID-13m8-y787-fqb7","summary":"An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6. When re-negotiating for T.38, if the initial remote response was delayed just enough, Asterisk would send both audio and T.38 in the SDP. If this happened, and the remote responded with a declined T.38 stream, then Asterisk would crash.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-26717","reference_id":"","reference_type":"","scores":[{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.62346","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.62392","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.624","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.6239","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.62375","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.62389","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-26717"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26717","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26717"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983157","reference_id":"983157","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983157"},{"reference_url":"https://security.gentoo.org/glsa/202412-03","reference_id":"GLSA-202412-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517161?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-drvj-6p87-rqcn"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-n51b-qqvd-j3h8"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-ru68-dmrf-bfbx"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-ypjq-tgrg-jkff"},{"vulnerability":"VCID-z8ac-81bd-7bep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2021-26717"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-13m8-y787-fqb7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59055?format=json","vulnerability_id":"VCID-1vcu-q5ry-5fac","summary":"An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and Certified Asterisk before 16.8-cert10. If the IAX2 channel driver receives a packet that contains an unsupported media format, a crash can occur.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32558","reference_id":"","reference_type":"","scores":[{"value":"0.02875","scoring_system":"epss","scoring_elements":"0.86546","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02875","scoring_system":"epss","scoring_elements":"0.86569","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02875","scoring_system":"epss","scoring_elements":"0.86564","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02875","scoring_system":"epss","scoring_elements":"0.86553","published_at":"2026-06-08T12:55:00Z"},{"value":"0.02875","scoring_system":"epss","scoring_elements":"0.86566","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32558"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32558","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32558"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32686","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32686"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991710","reference_id":"991710","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991710"},{"reference_url":"https://security.gentoo.org/glsa/202412-03","reference_id":"GLSA-202412-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517161?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-drvj-6p87-rqcn"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-n51b-qqvd-j3h8"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-ru68-dmrf-bfbx"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-ypjq-tgrg-jkff"},{"vulnerability":"VCID-z8ac-81bd-7bep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2021-32558"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1vcu-q5ry-5fac"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59088?format=json","vulnerability_id":"VCID-29xh-xmhv-3ffs","summary":"PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In version 2.11.1 and prior, there are various cases where it is possible that certain incoming RTP/RTCP packets can potentially cause out-of-bound read access. This issue affects all users that use PJMEDIA and accept incoming RTP/RTCP. A patch is available as a commit in the `master` branch. There are no known workarounds.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21722","reference_id":"","reference_type":"","scores":[{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64514","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64557","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64566","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64554","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64543","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00462","scoring_system":"epss","scoring_elements":"0.64562","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21722"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998","reference_id":"1014998","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998"},{"reference_url":"https://github.com/pjsip/pjproject/commit/22af44e68a0c7d190ac1e25075e1382f77e9397a","reference_id":"22af44e68a0c7d190ac1e25075e1382f77e9397a","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:54Z/"}],"url":"https://github.com/pjsip/pjproject/commit/22af44e68a0c7d190ac1e25075e1382f77e9397a"},{"reference_url":"https://www.debian.org/security/2022/dsa-5285","reference_id":"dsa-5285","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:54Z/"}],"url":"https://www.debian.org/security/2022/dsa-5285"},{"reference_url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-m66q-q64c-hv36","reference_id":"GHSA-m66q-q64c-hv36","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:54Z/"}],"url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-m66q-q64c-hv36"},{"reference_url":"https://security.gentoo.org/glsa/202210-37","reference_id":"GLSA-202210-37","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:54Z/"}],"url":"https://security.gentoo.org/glsa/202210-37"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html","reference_id":"msg00021.html","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:54Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html","reference_id":"msg00035.html","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:54Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html","reference_id":"msg00038.html","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:54Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html"},{"reference_url":"https://usn.ubuntu.com/6422-1/","reference_id":"USN-6422-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6422-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517161?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-drvj-6p87-rqcn"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-n51b-qqvd-j3h8"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-ru68-dmrf-bfbx"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-ypjq-tgrg-jkff"},{"vulnerability":"VCID-z8ac-81bd-7bep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2022-21722"],"risk_score":4.1,"exploitability":"0.5","weighted_severity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-29xh-xmhv-3ffs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59090?format=json","vulnerability_id":"VCID-34d5-vz5m-mqc5","summary":"PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions 2.11.1 and prior, parsing an incoming SIP message that contains a malformed multipart can potentially cause out-of-bound read access. This issue affects all PJSIP users that accept SIP multipart. The patch is available as commit in the `master` branch. There are no known workarounds.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21723","reference_id":"","reference_type":"","scores":[{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64846","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64888","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64898","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64887","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64876","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00468","scoring_system":"epss","scoring_elements":"0.64893","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21723"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651"},{"reference_url":"https://github.com/pjsip/pjproject/commit/077b465c33f0aec05a49cd2ca456f9a1b112e896","reference_id":"077b465c33f0aec05a49cd2ca456f9a1b112e896","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:51Z/"}],"url":"https://github.com/pjsip/pjproject/commit/077b465c33f0aec05a49cd2ca456f9a1b112e896"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998","reference_id":"1014998","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998"},{"reference_url":"http://seclists.org/fulldisclosure/2022/Mar/2","reference_id":"2","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:51Z/"}],"url":"http://seclists.org/fulldisclosure/2022/Mar/2"},{"reference_url":"http://packetstormsecurity.com/files/166227/Asterisk-Project-Security-Advisory-AST-2022-006.html","reference_id":"Asterisk-Project-Security-Advisory-AST-2022-006.html","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:51Z/"}],"url":"http://packetstormsecurity.com/files/166227/Asterisk-Project-Security-Advisory-AST-2022-006.html"},{"reference_url":"https://www.debian.org/security/2022/dsa-5285","reference_id":"dsa-5285","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:51Z/"}],"url":"https://www.debian.org/security/2022/dsa-5285"},{"reference_url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-7fw8-54cv-r7pm","reference_id":"GHSA-7fw8-54cv-r7pm","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:51Z/"}],"url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-7fw8-54cv-r7pm"},{"reference_url":"https://security.gentoo.org/glsa/202210-37","reference_id":"GLSA-202210-37","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:51Z/"}],"url":"https://security.gentoo.org/glsa/202210-37"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html","reference_id":"msg00021.html","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:51Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html","reference_id":"msg00035.html","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:51Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html","reference_id":"msg00038.html","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:57:51Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html"},{"reference_url":"https://usn.ubuntu.com/6422-1/","reference_id":"USN-6422-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6422-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517161?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-drvj-6p87-rqcn"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-n51b-qqvd-j3h8"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-ru68-dmrf-bfbx"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-ypjq-tgrg-jkff"},{"vulnerability":"VCID-z8ac-81bd-7bep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2022-21723"],"risk_score":4.1,"exploitability":"0.5","weighted_severity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-34d5-vz5m-mqc5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59036?format=json","vulnerability_id":"VCID-4ysp-qqgf-7ubg","summary":"An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Certified Asterisk before 16.8-cert5. If Asterisk is challenged on an outbound INVITE and the nonce is changed in each response, Asterisk will continually send INVITEs in a loop. This causes Asterisk to consume more and more memory since the transaction will never terminate (even if the call is hung up), ultimately leading to a restart or shutdown of Asterisk. Outbound authentication must be configured on the endpoint for this to occur.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28242","reference_id":"","reference_type":"","scores":[{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61466","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61514","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61521","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61509","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61492","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61512","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28242"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28242","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28242"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=974713","reference_id":"974713","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=974713"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517161?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-drvj-6p87-rqcn"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-n51b-qqvd-j3h8"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-ru68-dmrf-bfbx"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-ypjq-tgrg-jkff"},{"vulnerability":"VCID-z8ac-81bd-7bep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2020-28242"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4ysp-qqgf-7ubg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59105?format=json","vulnerability_id":"VCID-551t-n4qb-p3hq","summary":"PJSIP is a free and open source multimedia communication library written in the C language. Versions 2.12 and prior contain a denial-of-service vulnerability that affects PJSIP users that consume PJSIP's XML parsing in their apps. Users are advised to update. There are no known workarounds.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24763","reference_id":"","reference_type":"","scores":[{"value":"0.01399","scoring_system":"epss","scoring_elements":"0.80754","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01399","scoring_system":"epss","scoring_elements":"0.80781","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01399","scoring_system":"epss","scoring_elements":"0.80783","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01399","scoring_system":"epss","scoring_elements":"0.8078","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01399","scoring_system":"epss","scoring_elements":"0.80776","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01399","scoring_system":"epss","scoring_elements":"0.80796","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014976","reference_id":"1014976","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014976"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998","reference_id":"1014998","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998"},{"reference_url":"https://security.gentoo.org/glsa/202210-37","reference_id":"GLSA-202210-37","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-37"},{"reference_url":"https://usn.ubuntu.com/6422-1/","reference_id":"USN-6422-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6422-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517161?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-drvj-6p87-rqcn"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-n51b-qqvd-j3h8"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-ru68-dmrf-bfbx"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-ypjq-tgrg-jkff"},{"vulnerability":"VCID-z8ac-81bd-7bep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2022-24763"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-551t-n4qb-p3hq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59119?format=json","vulnerability_id":"VCID-7pec-5h4d-yff4","summary":"PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.12 and prior affects applications that use PJSIP DNS resolution. It doesn't affect PJSIP users who utilize an external resolver. This vulnerability is related to CVE-2023-27585. The difference is that this issue is in parsing the query record `parse_rr()`, while the issue in CVE-2023-27585 is in `parse_query()`. A patch is available in the `master` branch of the `pjsip/pjproject` GitHub repository. A workaround is to disable DNS resolution in PJSIP config (by setting `nameserver_count` to zero) or use an external resolver instead.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24793","reference_id":"","reference_type":"","scores":[{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.65015","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.65058","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.65069","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.65057","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.65045","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00472","scoring_system":"epss","scoring_elements":"0.65063","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014976","reference_id":"1014976","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014976"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998","reference_id":"1014998","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998"},{"reference_url":"https://github.com/pjsip/pjproject/commit/9fae8f43accef8ea65d4a8ae9cdf297c46cfe29a","reference_id":"9fae8f43accef8ea65d4a8ae9cdf297c46cfe29a","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:00Z/"}],"url":"https://github.com/pjsip/pjproject/commit/9fae8f43accef8ea65d4a8ae9cdf297c46cfe29a"},{"reference_url":"https://www.debian.org/security/2022/dsa-5285","reference_id":"dsa-5285","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:00Z/"}],"url":"https://www.debian.org/security/2022/dsa-5285"},{"reference_url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-p6g5-v97c-w5q4","reference_id":"GHSA-p6g5-v97c-w5q4","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:00Z/"}],"url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-p6g5-v97c-w5q4"},{"reference_url":"https://security.gentoo.org/glsa/202210-37","reference_id":"GLSA-202210-37","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:00Z/"}],"url":"https://security.gentoo.org/glsa/202210-37"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html","reference_id":"msg00021.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:00Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html","reference_id":"msg00038.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:00Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00047.html","reference_id":"msg00047.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:00Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00047.html"},{"reference_url":"https://usn.ubuntu.com/6422-1/","reference_id":"USN-6422-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6422-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517161?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-drvj-6p87-rqcn"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-n51b-qqvd-j3h8"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-ru68-dmrf-bfbx"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-ypjq-tgrg-jkff"},{"vulnerability":"VCID-z8ac-81bd-7bep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2022-24793"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7pec-5h4d-yff4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59145?format=json","vulnerability_id":"VCID-8t63-f1tx-7bdy","summary":"An issue was discovered in Sangoma Asterisk through 16.28, 17 and 18 through 18.14, 19 through 19.6, and certified through 18.9-cert1. GetConfig, via Asterisk Manager Interface, allows a connected application to access files outside of the asterisk configuration directory, aka Directory Traversal.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-42706","reference_id":"","reference_type":"","scores":[{"value":"0.0081","scoring_system":"epss","scoring_elements":"0.74583","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0081","scoring_system":"epss","scoring_elements":"0.74615","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0081","scoring_system":"epss","scoring_elements":"0.7462","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0081","scoring_system":"epss","scoring_elements":"0.74609","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0081","scoring_system":"epss","scoring_elements":"0.74591","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0081","scoring_system":"epss","scoring_elements":"0.74618","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-42706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706"},{"reference_url":"https://downloads.asterisk.org/pub/security/AST-2022-009.html","reference_id":"AST-2022-009.html","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:23:22Z/"}],"url":"https://downloads.asterisk.org/pub/security/AST-2022-009.html"},{"reference_url":"https://www.debian.org/security/2023/dsa-5358","reference_id":"dsa-5358","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:23:22Z/"}],"url":"https://www.debian.org/security/2023/dsa-5358"},{"reference_url":"https://security.gentoo.org/glsa/202412-03","reference_id":"GLSA-202412-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-03"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html","reference_id":"msg00029.html","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:23:22Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517161?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-drvj-6p87-rqcn"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-n51b-qqvd-j3h8"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-ru68-dmrf-bfbx"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-ypjq-tgrg-jkff"},{"vulnerability":"VCID-z8ac-81bd-7bep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2022-42706"],"risk_score":2.2,"exploitability":"0.5","weighted_severity":"4.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8t63-f1tx-7bdy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59076?format=json","vulnerability_id":"VCID-92c9-qp87-bfc4","summary":"Buffer overflow in PJSUA API when calling pjsua_call_dump. An attacker-controlled 'buffer' argument may cause a buffer overflow, since supplying an output buffer smaller than 128 characters may overflow the output buffer, regardless of the 'maxlen' argument supplied","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43303","reference_id":"","reference_type":"","scores":[{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62755","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62798","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62807","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62797","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62783","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998","reference_id":"1014998","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998"},{"reference_url":"https://usn.ubuntu.com/6422-1/","reference_id":"USN-6422-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6422-1/"},{"reference_url":"https://usn.ubuntu.com/8122-1/","reference_id":"USN-8122-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8122-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517161?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-drvj-6p87-rqcn"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-n51b-qqvd-j3h8"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-ru68-dmrf-bfbx"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-ypjq-tgrg-jkff"},{"vulnerability":"VCID-z8ac-81bd-7bep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2021-43303"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-92c9-qp87-bfc4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59143?format=json","vulnerability_id":"VCID-a2r2-kh13-y7cr","summary":"A use-after-free in res_pjsip_pubsub.c in Sangoma Asterisk 16.28, 18.14, 19.6, and certified/18.9-cert2 may allow a remote authenticated attacker to crash Asterisk (denial of service) by performing activity on a subscription via a reliable transport at the same time that Asterisk is also performing activity on that subscription.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-42705","reference_id":"","reference_type":"","scores":[{"value":"0.01516","scoring_system":"epss","scoring_elements":"0.81552","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01516","scoring_system":"epss","scoring_elements":"0.81581","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01516","scoring_system":"epss","scoring_elements":"0.81583","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01516","scoring_system":"epss","scoring_elements":"0.81582","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01516","scoring_system":"epss","scoring_elements":"0.81575","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01516","scoring_system":"epss","scoring_elements":"0.8159","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-42705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706"},{"reference_url":"https://downloads.asterisk.org/pub/security/AST-2022-008.html","reference_id":"AST-2022-008.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:25:02Z/"}],"url":"https://downloads.asterisk.org/pub/security/AST-2022-008.html"},{"reference_url":"https://www.debian.org/security/2023/dsa-5358","reference_id":"dsa-5358","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:25:02Z/"}],"url":"https://www.debian.org/security/2023/dsa-5358"},{"reference_url":"https://security.gentoo.org/glsa/202412-03","reference_id":"GLSA-202412-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-03"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html","reference_id":"msg00029.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:25:02Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517161?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-drvj-6p87-rqcn"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-n51b-qqvd-j3h8"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-ru68-dmrf-bfbx"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-ypjq-tgrg-jkff"},{"vulnerability":"VCID-z8ac-81bd-7bep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2022-42705"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a2r2-kh13-y7cr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59207?format=json","vulnerability_id":"VCID-b3wc-8zzz-wbhq","summary":"Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the asterisk/contrib/scripts/ast_coredumper runs as root, as noted by the NOTES tag on line 689 of the ast_coredumper file. The script will source the contents of /etc/asterisk/ast_debug_tools.conf, which resides in a folder that is writeable by the asterisk user:group. Due to the /etc/asterisk/ast_debug_tools.conf file following bash semantics and it being loaded; an attacker with write permissions may add or modify the file such that when the root ast_coredumper is run; it would source and thereby execute arbitrary bash code found in the /etc/asterisk/ast_debug_tools.conf. This issue has been patched in versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23741","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12702","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12697","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12669","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17306","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17289","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23741"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23741","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23741"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127438","reference_id":"1127438","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127438"},{"reference_url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-rvch-3jmx-3jf3","reference_id":"GHSA-rvch-3jmx-3jf3","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-06T17:22:49Z/"}],"url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-rvch-3jmx-3jf3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/196089?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1"}],"aliases":["CVE-2026-23741"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b3wc-8zzz-wbhq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59042?format=json","vulnerability_id":"VCID-b44e-ck1f-xbbh","summary":"An issue was discovered in res_pjsip_diversion.c in Sangoma Asterisk before 13.38.0, 14.x through 16.x before 16.15.0, 17.x before 17.9.0, and 18.x before 18.1.0. A crash can occur when a SIP message is received with a History-Info header that contains a tel-uri, or when a SIP 181 response is received that contains a tel-uri in the Diversion header.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35652","reference_id":"","reference_type":"","scores":[{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36604","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36697","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36705","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36669","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36632","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0016","scoring_system":"epss","scoring_elements":"0.36642","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35652"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35652","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35652"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979372","reference_id":"979372","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979372"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517161?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-drvj-6p87-rqcn"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-n51b-qqvd-j3h8"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-ru68-dmrf-bfbx"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-ypjq-tgrg-jkff"},{"vulnerability":"VCID-z8ac-81bd-7bep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2020-35652"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b44e-ck1f-xbbh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59122?format=json","vulnerability_id":"VCID-be9t-dvvc-ubaw","summary":"An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download files that are not certificates. These files could be much larger than what one would expect to download, leading to Resource Exhaustion. This is fixed in 16.25.2, 18.11.2, and 19.3.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-26498","reference_id":"","reference_type":"","scores":[{"value":"0.01011","scoring_system":"epss","scoring_elements":"0.7746","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01011","scoring_system":"epss","scoring_elements":"0.77487","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01011","scoring_system":"epss","scoring_elements":"0.77496","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01011","scoring_system":"epss","scoring_elements":"0.77476","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01011","scoring_system":"epss","scoring_elements":"0.77498","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-26498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651"},{"reference_url":"https://security.gentoo.org/glsa/202412-03","reference_id":"GLSA-202412-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517161?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-drvj-6p87-rqcn"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-n51b-qqvd-j3h8"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-ru68-dmrf-bfbx"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-ypjq-tgrg-jkff"},{"vulnerability":"VCID-z8ac-81bd-7bep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2022-26498"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-be9t-dvvc-ubaw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59018?format=json","vulnerability_id":"VCID-cdyb-1ntz-63as","summary":"An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x through 15.7.2, and 16.x through 16.4.0, and Certified Asterisk through 13.21-cert3. A pointer dereference in chan_sip while handling SDP negotiation allows an attacker to crash Asterisk when handling an SDP answer to an outgoing T.38 re-invite. To exploit this vulnerability an attacker must cause the chan_sip module to send a T.38 re-invite request to them. Upon receipt, the attacker must send an SDP answer containing both a T.38 UDPTL stream and another media stream containing only a codec (which is not permitted according to the chan_sip configuration).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-13161","reference_id":"","reference_type":"","scores":[{"value":"0.02307","scoring_system":"epss","scoring_elements":"0.8505","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02307","scoring_system":"epss","scoring_elements":"0.85074","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02307","scoring_system":"epss","scoring_elements":"0.85078","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02307","scoring_system":"epss","scoring_elements":"0.85072","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02307","scoring_system":"epss","scoring_elements":"0.85062","published_at":"2026-06-08T12:55:00Z"},{"value":"0.02307","scoring_system":"epss","scoring_elements":"0.85077","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-13161"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13161","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13161"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931981","reference_id":"931981","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931981"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517161?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-drvj-6p87-rqcn"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-n51b-qqvd-j3h8"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-ru68-dmrf-bfbx"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-ypjq-tgrg-jkff"},{"vulnerability":"VCID-z8ac-81bd-7bep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2019-13161"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cdyb-1ntz-63as"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59179?format=json","vulnerability_id":"VCID-ddbj-f24k-ubb1","summary":"Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, SIP requests of the type MESSAGE (RFC 3428) authentication do not get proper alignment. An authenticated attacker can spoof any user identity to send spam messages to the user with their authorization token. Abuse of this security issue allows authenticated attackers to send fake chat messages can be spoofed to appear to come from trusted entities. Even administrators who follow Security best practices and Security Considerations can be impacted. Therefore, abuse can lead to spam and enable social engineering, phishing and similar attacks. Versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk fix the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-47779","reference_id":"","reference_type":"","scores":[{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51578","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51607","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51613","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.51591","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00279","scoring_system":"epss","scoring_elements":"0.5156","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-47779"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47779","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47779"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106528","reference_id":"1106528","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106528"},{"reference_url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-2grh-7mhv-fcfw","reference_id":"GHSA-2grh-7mhv-fcfw","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-22T17:25:58Z/"}],"url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-2grh-7mhv-fcfw"},{"reference_url":"https://github.com/asterisk/asterisk/blob/master/configs/samples/pjsip.conf.sample","reference_id":"pjsip.conf.sample","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-22T17:25:58Z/"}],"url":"https://github.com/asterisk/asterisk/blob/master/configs/samples/pjsip.conf.sample"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/196089?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1"}],"aliases":["CVE-2025-47779"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"6.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ddbj-f24k-ubb1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59151?format=json","vulnerability_id":"VCID-drvj-6p87-rqcn","summary":"Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the 'update' functionality is not used the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-37457","reference_id":"","reference_type":"","scores":[{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22423","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.2241","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22361","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22308","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22323","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-37457"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37457","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37457"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38703","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38703"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49294","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49294"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49786"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059303","reference_id":"1059303","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059303"},{"reference_url":"https://security.gentoo.org/glsa/202412-03","reference_id":"GLSA-202412-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/196088?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-341r-eamh-fbee"},{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-ypjq-tgrg-jkff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4"}],"aliases":["CVE-2023-37457"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-drvj-6p87-rqcn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59137?format=json","vulnerability_id":"VCID-fvk6-m3pz-sybd","summary":"PJSIP is a free and open source multimedia communication library written in C. In versions of PJSIP prior to 2.13 the PJSIP parser, PJMEDIA RTP decoder, and PJMEDIA SDP parser are affeced by a buffer overflow vulnerability. Users connecting to untrusted clients are at risk. This issue has been patched and is available as commit c4d3498 in the master branch and will be included in releases 2.13 and later. Users are advised to upgrade. There are no known workarounds for this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-39244","reference_id":"","reference_type":"","scores":[{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.55755","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.55812","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.55817","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.55805","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.55786","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00325","scoring_system":"epss","scoring_elements":"0.55807","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-39244"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706"},{"reference_url":"https://github.com/pjsip/pjproject/commit/c4d34984ec92b3d5252a7d5cddd85a1d3a8001ae","reference_id":"c4d34984ec92b3d5252a7d5cddd85a1d3a8001ae","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:48:20Z/"}],"url":"https://github.com/pjsip/pjproject/commit/c4d34984ec92b3d5252a7d5cddd85a1d3a8001ae"},{"reference_url":"https://www.debian.org/security/2023/dsa-5358","reference_id":"dsa-5358","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:48:20Z/"}],"url":"https://www.debian.org/security/2023/dsa-5358"},{"reference_url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-fq45-m3f7-3mhj","reference_id":"GHSA-fq45-m3f7-3mhj","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:48:20Z/"}],"url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-fq45-m3f7-3mhj"},{"reference_url":"https://security.gentoo.org/glsa/202210-37","reference_id":"GLSA-202210-37","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:48:20Z/"}],"url":"https://security.gentoo.org/glsa/202210-37"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html","reference_id":"msg00029.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:48:20Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html","reference_id":"msg00038.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:48:20Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html"},{"reference_url":"https://usn.ubuntu.com/6422-1/","reference_id":"USN-6422-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6422-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517161?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-drvj-6p87-rqcn"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-n51b-qqvd-j3h8"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-ru68-dmrf-bfbx"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-ypjq-tgrg-jkff"},{"vulnerability":"VCID-z8ac-81bd-7bep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2022-39244"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fvk6-m3pz-sybd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59097?format=json","vulnerability_id":"VCID-fzjk-q6nw-jkg9","summary":"PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. This issue is similar to GHSA-9pfh-r8x4-w26w. Possible buffer overread when parsing a certain STUN message. The vulnerability affects applications that uses STUN including PJNATH and PJSUA-LIB. The patch is available as commit in the master branch.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23547","reference_id":"","reference_type":"","scores":[{"value":"0.00448","scoring_system":"epss","scoring_elements":"0.63857","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00448","scoring_system":"epss","scoring_elements":"0.639","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00448","scoring_system":"epss","scoring_elements":"0.63907","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00448","scoring_system":"epss","scoring_elements":"0.63898","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00448","scoring_system":"epss","scoring_elements":"0.63886","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00448","scoring_system":"epss","scoring_elements":"0.63906","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23547"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032092","reference_id":"1032092","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032092"},{"reference_url":"https://github.com/pjsip/pjproject/commit/bc4812d31a67d5e2f973fbfaf950d6118226cf36","reference_id":"bc4812d31a67d5e2f973fbfaf950d6118226cf36","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T03:11:54Z/"}],"url":"https://github.com/pjsip/pjproject/commit/bc4812d31a67d5e2f973fbfaf950d6118226cf36"},{"reference_url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-9pfh-r8x4-w26w","reference_id":"GHSA-9pfh-r8x4-w26w","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T03:11:54Z/"}],"url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-9pfh-r8x4-w26w"},{"reference_url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-cxwq-5g9x-x7fr","reference_id":"GHSA-cxwq-5g9x-x7fr","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T03:11:54Z/"}],"url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-cxwq-5g9x-x7fr"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html","reference_id":"msg00038.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T03:11:54Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html"},{"reference_url":"https://usn.ubuntu.com/6422-1/","reference_id":"USN-6422-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6422-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517161?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-drvj-6p87-rqcn"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-n51b-qqvd-j3h8"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-ru68-dmrf-bfbx"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-ypjq-tgrg-jkff"},{"vulnerability":"VCID-z8ac-81bd-7bep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2022-23547"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fzjk-q6nw-jkg9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59061?format=json","vulnerability_id":"VCID-g2xy-5xqx-xken","summary":"PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the incoming STUN message contains an ERROR-CODE attribute, the header length is not checked before performing a subtraction operation, potentially resulting in an integer underflow scenario. This issue affects all users that use STUN. A malicious actor located within the victim’s network may forge and send a specially crafted UDP (STUN) message that could remotely execute arbitrary code on the victim’s machine. Users are advised to upgrade as soon as possible. There are no known workarounds.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-37706","reference_id":"","reference_type":"","scores":[{"value":"0.00505","scoring_system":"epss","scoring_elements":"0.66556","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00505","scoring_system":"epss","scoring_elements":"0.66597","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00505","scoring_system":"epss","scoring_elements":"0.66604","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00505","scoring_system":"epss","scoring_elements":"0.6659","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00505","scoring_system":"epss","scoring_elements":"0.66575","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00505","scoring_system":"epss","scoring_elements":"0.66592","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-37706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998","reference_id":"1014998","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998"},{"reference_url":"https://security.gentoo.org/glsa/202210-37","reference_id":"GLSA-202210-37","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-37"},{"reference_url":"https://usn.ubuntu.com/6422-1/","reference_id":"USN-6422-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6422-1/"},{"reference_url":"https://usn.ubuntu.com/6422-2/","reference_id":"USN-6422-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6422-2/"},{"reference_url":"https://usn.ubuntu.com/8122-1/","reference_id":"USN-8122-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8122-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517161?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-drvj-6p87-rqcn"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-n51b-qqvd-j3h8"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-ru68-dmrf-bfbx"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-ypjq-tgrg-jkff"},{"vulnerability":"VCID-z8ac-81bd-7bep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2021-37706"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g2xy-5xqx-xken"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59148?format=json","vulnerability_id":"VCID-hg7k-rqnx-nue9","summary":"PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.13 and prior affects applications that use PJSIP DNS resolver. It doesn't affect PJSIP users who do not utilise PJSIP DNS resolver. This vulnerability is related to CVE-2022-24793. The difference is that this issue is in parsing the query record `parse_query()`, while the issue in CVE-2022-24793 is in `parse_rr()`. A patch is available as commit `d1c5e4d` in the `master` branch. A workaround is to disable DNS resolution in PJSIP config (by setting `nameserver_count` to zero) or use an external resolver implementation instead.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-27585","reference_id":"","reference_type":"","scores":[{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67916","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67915","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.679","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67912","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00537","scoring_system":"epss","scoring_elements":"0.67922","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-27585"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27585","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27585"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036697","reference_id":"1036697","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036697"},{"reference_url":"https://github.com/pjsip/pjproject/commit/d1c5e4da5bae7f220bc30719888bb389c905c0c5","reference_id":"d1c5e4da5bae7f220bc30719888bb389c905c0c5","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:31:09Z/"}],"url":"https://github.com/pjsip/pjproject/commit/d1c5e4da5bae7f220bc30719888bb389c905c0c5"},{"reference_url":"https://www.debian.org/security/2023/dsa-5438","reference_id":"dsa-5438","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:31:09Z/"}],"url":"https://www.debian.org/security/2023/dsa-5438"},{"reference_url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-p6g5-v97c-w5q4","reference_id":"GHSA-p6g5-v97c-w5q4","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:31:09Z/"}],"url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-p6g5-v97c-w5q4"},{"reference_url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-q9cp-8wcq-7pfr","reference_id":"GHSA-q9cp-8wcq-7pfr","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:31:09Z/"}],"url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-q9cp-8wcq-7pfr"},{"reference_url":"https://security.gentoo.org/glsa/202409-05","reference_id":"GLSA-202409-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202409-05"},{"reference_url":"https://www.pjsip.org/pjlib-util/docs/html/group__PJ__DNS__RESOLVER.htm","reference_id":"group__PJ__DNS__RESOLVER.htm","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:31:09Z/"}],"url":"https://www.pjsip.org/pjlib-util/docs/html/group__PJ__DNS__RESOLVER.htm"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/04/msg00020.html","reference_id":"msg00020.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:31:09Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/04/msg00020.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html","reference_id":"msg00038.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:31:09Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html"},{"reference_url":"https://usn.ubuntu.com/6422-1/","reference_id":"USN-6422-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6422-1/"},{"reference_url":"https://usn.ubuntu.com/6422-2/","reference_id":"USN-6422-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6422-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517161?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-drvj-6p87-rqcn"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-n51b-qqvd-j3h8"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-ru68-dmrf-bfbx"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-ypjq-tgrg-jkff"},{"vulnerability":"VCID-z8ac-81bd-7bep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2023-27585"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hg7k-rqnx-nue9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59015?format=json","vulnerability_id":"VCID-j37t-xmde-ybfz","summary":"Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and earlier allows remote authenticated users to crash Asterisk by sending a specially crafted SIP MESSAGE message.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12827","reference_id":"","reference_type":"","scores":[{"value":"0.18415","scoring_system":"epss","scoring_elements":"0.95357","published_at":"2026-06-04T12:55:00Z"},{"value":"0.18415","scoring_system":"epss","scoring_elements":"0.95365","published_at":"2026-06-05T12:55:00Z"},{"value":"0.18415","scoring_system":"epss","scoring_elements":"0.95367","published_at":"2026-06-06T12:55:00Z"},{"value":"0.18415","scoring_system":"epss","scoring_elements":"0.9537","published_at":"2026-06-08T12:55:00Z"},{"value":"0.18415","scoring_system":"epss","scoring_elements":"0.95374","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12827"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12827","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12827"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931980","reference_id":"931980","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931980"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517161?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-drvj-6p87-rqcn"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-n51b-qqvd-j3h8"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-ru68-dmrf-bfbx"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-ypjq-tgrg-jkff"},{"vulnerability":"VCID-z8ac-81bd-7bep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2019-12827"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j37t-xmde-ybfz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59197?format=json","vulnerability_id":"VCID-jggd-7y6n-5kh6","summary":"Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, user supplied/control values for Cookies and any GET variable query Parameter are directly interpolated into the HTML of the page using ast_str_append. The endpoint at GET /httpstatus is the potential vulnerable endpoint relating to asterisk/main /http.c. This issue has been patched in versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23738","reference_id":"","reference_type":"","scores":[{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.1641","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16412","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16366","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22596","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22593","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23738"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23738","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23738"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127438","reference_id":"1127438","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127438"},{"reference_url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-v6hp-wh3r-cwxh","reference_id":"GHSA-v6hp-wh3r-cwxh","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-06T17:43:40Z/"}],"url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-v6hp-wh3r-cwxh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/196089?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1"}],"aliases":["CVE-2026-23738"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jggd-7y6n-5kh6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59140?format=json","vulnerability_id":"VCID-jxc9-g6jq-ykes","summary":"PJSIP is a free and open source multimedia communication library written in C. When processing certain packets, PJSIP may incorrectly switch from using SRTP media transport to using basic RTP upon SRTP restart, causing the media to be sent insecurely. The vulnerability impacts all PJSIP users that use SRTP. The patch is available as commit d2acb9a in the master branch of the project and will be included in version 2.13. Users are advised to manually patch or to upgrade. There are no known workarounds for this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-39269","reference_id":"","reference_type":"","scores":[{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.3789","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.37981","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.37984","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.37953","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.37918","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0017","scoring_system":"epss","scoring_elements":"0.3793","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-39269"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032092","reference_id":"1032092","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032092"},{"reference_url":"https://security.gentoo.org/glsa/202210-37","reference_id":"GLSA-202210-37","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-37"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517161?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-drvj-6p87-rqcn"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-n51b-qqvd-j3h8"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-ru68-dmrf-bfbx"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-ypjq-tgrg-jkff"},{"vulnerability":"VCID-z8ac-81bd-7bep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2022-39269"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jxc9-g6jq-ykes"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59189?format=json","vulnerability_id":"VCID-k18v-akzq-5qd4","summary":"Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 18.26.4 and 18.9-cert17, RTP UDP ports and internal resources can leak due to a lack of session termination. This could result in leaks and resource exhaustion. This issue has been patched in versions 18.26.4 and 18.9-cert17.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54995","reference_id":"","reference_type":"","scores":[{"value":"0.01416","scoring_system":"epss","scoring_elements":"0.80945","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01416","scoring_system":"epss","scoring_elements":"0.80927","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01416","scoring_system":"epss","scoring_elements":"0.8093","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01416","scoring_system":"epss","scoring_elements":"0.80933","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01416","scoring_system":"epss","scoring_elements":"0.80931","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54995"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54995","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54995"},{"reference_url":"https://github.com/asterisk/asterisk/commit/0278f5bde14565c6838a6ec39bc21aee0cde56a9","reference_id":"0278f5bde14565c6838a6ec39bc21aee0cde56a9","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-28T18:53:35Z/"}],"url":"https://github.com/asterisk/asterisk/commit/0278f5bde14565c6838a6ec39bc21aee0cde56a9"},{"reference_url":"https://github.com/asterisk/asterisk/pull/1405","reference_id":"1405","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-28T18:53:35Z/"}],"url":"https://github.com/asterisk/asterisk/pull/1405"},{"reference_url":"https://github.com/asterisk/asterisk/pull/1406","reference_id":"1406","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-28T18:53:35Z/"}],"url":"https://github.com/asterisk/asterisk/pull/1406"},{"reference_url":"https://github.com/asterisk/asterisk/commit/eafcd7a451dcd007dddf324ac37dd55a4808338d","reference_id":"eafcd7a451dcd007dddf324ac37dd55a4808338d","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-28T18:53:35Z/"}],"url":"https://github.com/asterisk/asterisk/commit/eafcd7a451dcd007dddf324ac37dd55a4808338d"},{"reference_url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-557q-795j-wfx2","reference_id":"GHSA-557q-795j-wfx2","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-28T18:53:35Z/"}],"url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-557q-795j-wfx2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/196089?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1"}],"aliases":["CVE-2025-54995"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k18v-akzq-5qd4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59112?format=json","vulnerability_id":"VCID-kfga-1zjj-yyd2","summary":"PJSIP is a free and open source multimedia communication library written in C. PJSIP versions 2.12 and prior do not parse incoming RTCP feedback RPSI (Reference Picture Selection Indication) packet, but any app that directly uses pjmedia_rtcp_fb_parse_rpsi() will be affected. A patch is available in the `master` branch of the `pjsip/pjproject` GitHub repository. There are currently no known workarounds.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24786","reference_id":"","reference_type":"","scores":[{"value":"0.00738","scoring_system":"epss","scoring_elements":"0.73228","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00738","scoring_system":"epss","scoring_elements":"0.73265","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00738","scoring_system":"epss","scoring_elements":"0.7327","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00738","scoring_system":"epss","scoring_elements":"0.73253","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00738","scoring_system":"epss","scoring_elements":"0.7324","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00738","scoring_system":"epss","scoring_elements":"0.73264","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014976","reference_id":"1014976","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014976"},{"reference_url":"https://security.gentoo.org/glsa/202210-37","reference_id":"GLSA-202210-37","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-37"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517161?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-drvj-6p87-rqcn"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-n51b-qqvd-j3h8"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-ru68-dmrf-bfbx"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-ypjq-tgrg-jkff"},{"vulnerability":"VCID-z8ac-81bd-7bep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2022-24786"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kfga-1zjj-yyd2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59082?format=json","vulnerability_id":"VCID-ktdt-nt2k-ekh2","summary":"PJSIP is a free and open source multimedia communication library. In version 2.11.1 and prior, if incoming RTCP XR message contain block, the data field is not checked against the received packet size, potentially resulting in an out-of-bound read access. This affects all users that use PJMEDIA and RTCP XR. A malicious actor can send a RTCP XR message with an invalid packet size.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43845","reference_id":"","reference_type":"","scores":[{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.52258","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.52318","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.52325","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.52305","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.52276","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.52297","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998","reference_id":"1014998","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998"},{"reference_url":"https://security.gentoo.org/glsa/202210-37","reference_id":"GLSA-202210-37","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-37"},{"reference_url":"https://usn.ubuntu.com/6422-1/","reference_id":"USN-6422-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6422-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517161?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-drvj-6p87-rqcn"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-n51b-qqvd-j3h8"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-ru68-dmrf-bfbx"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-ypjq-tgrg-jkff"},{"vulnerability":"VCID-z8ac-81bd-7bep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2021-43845"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ktdt-nt2k-ekh2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59093?format=json","vulnerability_id":"VCID-ky73-mqpf-97gy","summary":"PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Buffer overread is possible when parsing a specially crafted STUN message with unknown attribute. The vulnerability affects applications that uses STUN including PJNATH and PJSUA-LIB. The patch is available as a commit in the master branch (2.13.1).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23537","reference_id":"","reference_type":"","scores":[{"value":"0.00422","scoring_system":"epss","scoring_elements":"0.62372","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00422","scoring_system":"epss","scoring_elements":"0.62419","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00422","scoring_system":"epss","scoring_elements":"0.62427","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00422","scoring_system":"epss","scoring_elements":"0.62417","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00422","scoring_system":"epss","scoring_elements":"0.62402","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00422","scoring_system":"epss","scoring_elements":"0.62416","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032092","reference_id":"1032092","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032092"},{"reference_url":"https://github.com/pjsip/pjproject/commit/d8440f4d711a654b511f50f79c0445b26f9dd1e1","reference_id":"d8440f4d711a654b511f50f79c0445b26f9dd1e1","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:52:00Z/"}],"url":"https://github.com/pjsip/pjproject/commit/d8440f4d711a654b511f50f79c0445b26f9dd1e1"},{"reference_url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-9pfh-r8x4-w26w","reference_id":"GHSA-9pfh-r8x4-w26w","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:52:00Z/"}],"url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-9pfh-r8x4-w26w"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html","reference_id":"msg00038.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:52:00Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html"},{"reference_url":"https://usn.ubuntu.com/6422-1/","reference_id":"USN-6422-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6422-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517161?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-drvj-6p87-rqcn"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-n51b-qqvd-j3h8"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-ru68-dmrf-bfbx"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-ypjq-tgrg-jkff"},{"vulnerability":"VCID-z8ac-81bd-7bep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2022-23537"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ky73-mqpf-97gy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59115?format=json","vulnerability_id":"VCID-mmtv-ad5m-5bf1","summary":"PJSIP is a free and open source multimedia communication library written in C. A denial-of-service vulnerability affects applications on a 32-bit systems that use PJSIP versions 2.12 and prior to play/read invalid WAV files. The vulnerability occurs when reading WAV file data chunks with length greater than 31-bit integers. The vulnerability does not affect 64-bit apps and should not affect apps that only plays trusted WAV files. A patch is available on the `master` branch of the `pjsip/project` GitHub repository. As a workaround, apps can reject a WAV file received from an unknown source or validate the file first.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24792","reference_id":"","reference_type":"","scores":[{"value":"0.01612","scoring_system":"epss","scoring_elements":"0.82107","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01612","scoring_system":"epss","scoring_elements":"0.82136","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01612","scoring_system":"epss","scoring_elements":"0.82138","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01612","scoring_system":"epss","scoring_elements":"0.8214","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01612","scoring_system":"epss","scoring_elements":"0.82132","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01612","scoring_system":"epss","scoring_elements":"0.82147","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014976","reference_id":"1014976","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014976"},{"reference_url":"https://github.com/pjsip/pjproject/commit/947bc1ee6d05be10204b918df75a503415fd3213","reference_id":"947bc1ee6d05be10204b918df75a503415fd3213","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:55:19Z/"}],"url":"https://github.com/pjsip/pjproject/commit/947bc1ee6d05be10204b918df75a503415fd3213"},{"reference_url":"https://www.debian.org/security/2022/dsa-5285","reference_id":"dsa-5285","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:55:19Z/"}],"url":"https://www.debian.org/security/2022/dsa-5285"},{"reference_url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-rwgw-vwxg-q799","reference_id":"GHSA-rwgw-vwxg-q799","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:55:19Z/"}],"url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-rwgw-vwxg-q799"},{"reference_url":"https://security.gentoo.org/glsa/202210-37","reference_id":"GLSA-202210-37","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:55:19Z/"}],"url":"https://security.gentoo.org/glsa/202210-37"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html","reference_id":"msg00021.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:55:19Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00047.html","reference_id":"msg00047.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:55:19Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00047.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517161?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-drvj-6p87-rqcn"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-n51b-qqvd-j3h8"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-ru68-dmrf-bfbx"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-ypjq-tgrg-jkff"},{"vulnerability":"VCID-z8ac-81bd-7bep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2022-24792"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mmtv-ad5m-5bf1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59125?format=json","vulnerability_id":"VCID-mv3r-bq3z-ekby","summary":"An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it's possible to send arbitrary requests (such as GET) to interfaces such as localhost by using the Identity header. This is fixed in 16.25.2, 18.11.2, and 19.3.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-26499","reference_id":"","reference_type":"","scores":[{"value":"0.01464","scoring_system":"epss","scoring_elements":"0.8122","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01464","scoring_system":"epss","scoring_elements":"0.81248","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01464","scoring_system":"epss","scoring_elements":"0.8125","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01464","scoring_system":"epss","scoring_elements":"0.81247","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01464","scoring_system":"epss","scoring_elements":"0.81243","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01464","scoring_system":"epss","scoring_elements":"0.8126","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-26499"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651"},{"reference_url":"https://security.gentoo.org/glsa/202412-03","reference_id":"GLSA-202412-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517161?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-drvj-6p87-rqcn"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-n51b-qqvd-j3h8"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-ru68-dmrf-bfbx"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-ypjq-tgrg-jkff"},{"vulnerability":"VCID-z8ac-81bd-7bep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2022-26499"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mv3r-bq3z-ekby"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59160?format=json","vulnerability_id":"VCID-n51b-qqvd-j3h8","summary":"Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP. Commit d7d7764cb07c8a1872804321302ef93bf62cba05 contains a fix, which is part of versions 18.20.1, 20.5.1, 21.0.1, amd 18.9-cert6.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49786","reference_id":"","reference_type":"","scores":[{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22962","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23071","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23058","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23013","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22959","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37457","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37457"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38703","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38703"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49294","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49294"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49786"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059033","reference_id":"1059033","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059033"},{"reference_url":"http://seclists.org/fulldisclosure/2023/Dec/24","reference_id":"24","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:19:55Z/"}],"url":"http://seclists.org/fulldisclosure/2023/Dec/24"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/12/15/7","reference_id":"7","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:19:55Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/12/15/7"},{"reference_url":"http://packetstormsecurity.com/files/176251/Asterisk-20.1.0-Denial-Of-Service.html","reference_id":"Asterisk-20.1.0-Denial-Of-Service.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:19:55Z/"}],"url":"http://packetstormsecurity.com/files/176251/Asterisk-20.1.0-Denial-Of-Service.html"},{"reference_url":"https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05","reference_id":"d7d7764cb07c8a1872804321302ef93bf62cba05","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:19:55Z/"}],"url":"https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05"},{"reference_url":"https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race","reference_id":"ES2023-01-asterisk-dtls-hello-race","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:19:55Z/"}],"url":"https://github.com/EnableSecurity/advisories/tree/master/ES2023-01-asterisk-dtls-hello-race"},{"reference_url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq","reference_id":"GHSA-hxj9-xwr8-w8pq","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:19:55Z/"}],"url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq"},{"reference_url":"https://security.gentoo.org/glsa/202412-03","reference_id":"GLSA-202412-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-03"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html","reference_id":"msg00019.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-08T14:19:55Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/196088?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-341r-eamh-fbee"},{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-ypjq-tgrg-jkff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4"}],"aliases":["CVE-2023-49786"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n51b-qqvd-j3h8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59109?format=json","vulnerability_id":"VCID-nkdv-45yg-yqen","summary":"PJSIP is a free and open source multimedia communication library written in C. Versions 2.12 and prior contain a stack buffer overflow vulnerability that affects PJSUA2 users or users that call the API `pjmedia_sdp_print(), pjmedia_sdp_media_print()`. Applications that do not use PJSUA2 and do not directly call `pjmedia_sdp_print()` or `pjmedia_sdp_media_print()` should not be affected. A patch is available on the `master` branch of the `pjsip/pjproject` GitHub repository. There are currently no known workarounds.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24764","reference_id":"","reference_type":"","scores":[{"value":"0.01506","scoring_system":"epss","scoring_elements":"0.815","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01506","scoring_system":"epss","scoring_elements":"0.81528","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01506","scoring_system":"epss","scoring_elements":"0.8153","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01506","scoring_system":"epss","scoring_elements":"0.81523","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01506","scoring_system":"epss","scoring_elements":"0.81538","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014976","reference_id":"1014976","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014976"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998","reference_id":"1014998","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998"},{"reference_url":"https://github.com/pjsip/pjproject/commit/560a1346f87aabe126509bb24930106dea292b00","reference_id":"560a1346f87aabe126509bb24930106dea292b00","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:28Z/"}],"url":"https://github.com/pjsip/pjproject/commit/560a1346f87aabe126509bb24930106dea292b00"},{"reference_url":"https://www.debian.org/security/2022/dsa-5285","reference_id":"dsa-5285","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:28Z/"}],"url":"https://www.debian.org/security/2022/dsa-5285"},{"reference_url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-f5qg-pqcg-765m","reference_id":"GHSA-f5qg-pqcg-765m","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:28Z/"}],"url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-f5qg-pqcg-765m"},{"reference_url":"https://security.gentoo.org/glsa/202210-37","reference_id":"GLSA-202210-37","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:28Z/"}],"url":"https://security.gentoo.org/glsa/202210-37"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html","reference_id":"msg00021.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:28Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html","reference_id":"msg00035.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:28Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html","reference_id":"msg00038.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:56:28Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html"},{"reference_url":"https://usn.ubuntu.com/6422-1/","reference_id":"USN-6422-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6422-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517161?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-drvj-6p87-rqcn"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-n51b-qqvd-j3h8"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-ru68-dmrf-bfbx"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-ypjq-tgrg-jkff"},{"vulnerability":"VCID-z8ac-81bd-7bep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2022-24764"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nkdv-45yg-yqen"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59064?format=json","vulnerability_id":"VCID-nq8x-bhsd-4ug6","summary":"Stack overflow in PJSUA API when calling pjsua_player_create. An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43299","reference_id":"","reference_type":"","scores":[{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59595","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59645","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59648","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.5964","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.5962","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59639","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998","reference_id":"1014998","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998"},{"reference_url":"https://usn.ubuntu.com/6422-1/","reference_id":"USN-6422-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6422-1/"},{"reference_url":"https://usn.ubuntu.com/8122-1/","reference_id":"USN-8122-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8122-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517161?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-drvj-6p87-rqcn"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-n51b-qqvd-j3h8"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-ru68-dmrf-bfbx"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-ypjq-tgrg-jkff"},{"vulnerability":"VCID-z8ac-81bd-7bep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2021-43299"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nq8x-bhsd-4ug6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59039?format=json","vulnerability_id":"VCID-qagm-1qhg-euga","summary":"A res_pjsip_session crash was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1. and Certified Asterisk before 16.8-cert5. Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced. This caused a gap between the creation of the dialog object, and its next use by the thread that created it. Depending on some off-nominal circumstances and timing, it was possible for another thread to free said dialog in this gap. Asterisk could then crash when the dialog object, or any of its dependent objects, were dereferenced or accessed next by the initial-creation thread. Note, however, that this crash can only occur when using a connection-oriented protocol (e.g., TCP or TLS, but not UDP) for SIP transport. Also, the remote client must be authenticated, or Asterisk must be configured for anonymous calling.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28327","reference_id":"","reference_type":"","scores":[{"value":"0.02188","scoring_system":"epss","scoring_elements":"0.84687","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02188","scoring_system":"epss","scoring_elements":"0.84711","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02188","scoring_system":"epss","scoring_elements":"0.84715","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02188","scoring_system":"epss","scoring_elements":"0.84709","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02188","scoring_system":"epss","scoring_elements":"0.84697","published_at":"2026-06-08T12:55:00Z"},{"value":"0.02188","scoring_system":"epss","scoring_elements":"0.8471","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28327"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28327","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28327"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=974712","reference_id":"974712","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=974712"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517161?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-drvj-6p87-rqcn"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-n51b-qqvd-j3h8"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-ru68-dmrf-bfbx"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-ypjq-tgrg-jkff"},{"vulnerability":"VCID-z8ac-81bd-7bep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2020-28327"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qagm-1qhg-euga"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59182?format=json","vulnerability_id":"VCID-qfwp-7bsd-rfdy","summary":"Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, trying to disallow shell commands to be run via the Asterisk command line interface (CLI) by configuring `cli_permissions.conf` (e.g. with the config line `deny=!*`) does not work which could lead to a security risk. If an administrator running an Asterisk instance relies on the `cli_permissions.conf` file to work and expects it to deny all attempts to execute shell commands, then this could lead to a security vulnerability. Versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk fix the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-47780","reference_id":"","reference_type":"","scores":[{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.64172","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.64149","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.64169","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.64164","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00454","scoring_system":"epss","scoring_elements":"0.64161","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-47780"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47780","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47780"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106530","reference_id":"1106530","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106530"},{"reference_url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-c7p6-7mvq-8jq2","reference_id":"GHSA-c7p6-7mvq-8jq2","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-22T17:24:44Z/"}],"url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-c7p6-7mvq-8jq2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/196089?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1"}],"aliases":["CVE-2025-47780"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qfwp-7bsd-rfdy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59058?format=json","vulnerability_id":"VCID-qktv-zzmr-ebfx","summary":"PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP before version 2.11.1, there are a couple of issues found in the SSL socket. First, a race condition between callback and destroy, due to the accepted socket having no group lock. Second, the SSL socket parent/listener may get destroyed during handshake. Both issues were reported to happen intermittently in heavy load TLS connections. They cause a crash, resulting in a denial of service. These are fixed in version 2.11.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32686","reference_id":"","reference_type":"","scores":[{"value":"0.01675","scoring_system":"epss","scoring_elements":"0.8249","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01675","scoring_system":"epss","scoring_elements":"0.82519","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01675","scoring_system":"epss","scoring_elements":"0.82518","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01675","scoring_system":"epss","scoring_elements":"0.82516","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01675","scoring_system":"epss","scoring_elements":"0.82509","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01675","scoring_system":"epss","scoring_elements":"0.82522","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32686"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32558","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32558"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32686","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32686"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998","reference_id":"1014998","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991931","reference_id":"991931","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991931"},{"reference_url":"https://security.gentoo.org/glsa/202210-37","reference_id":"GLSA-202210-37","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-37"},{"reference_url":"https://usn.ubuntu.com/8122-1/","reference_id":"USN-8122-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8122-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517161?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-drvj-6p87-rqcn"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-n51b-qqvd-j3h8"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-ru68-dmrf-bfbx"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-ypjq-tgrg-jkff"},{"vulnerability":"VCID-z8ac-81bd-7bep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2021-32686"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qktv-zzmr-ebfx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59073?format=json","vulnerability_id":"VCID-rgqf-d63e-3be8","summary":"Read out-of-bounds in PJSUA API when calling pjsua_recorder_create. An attacker-controlled 'filename' argument may cause an out-of-bounds read when the filename is shorter than 4 characters.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43302","reference_id":"","reference_type":"","scores":[{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55398","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55455","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.5546","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55448","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55429","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998","reference_id":"1014998","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998"},{"reference_url":"https://usn.ubuntu.com/6422-1/","reference_id":"USN-6422-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6422-1/"},{"reference_url":"https://usn.ubuntu.com/8122-1/","reference_id":"USN-8122-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8122-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517161?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-drvj-6p87-rqcn"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-n51b-qqvd-j3h8"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-ru68-dmrf-bfbx"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-ypjq-tgrg-jkff"},{"vulnerability":"VCID-z8ac-81bd-7bep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2021-43302"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rgqf-d63e-3be8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59168?format=json","vulnerability_id":"VCID-rhej-23wp-v7cj","summary":"Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.24.3, 20.9.3, and 21.4.3 of Asterisk and versions 18.9-cert12 and 20.7-cert2 of certified-asterisk, if Asterisk attempts to send a SIP request to a URI whose host portion starts with `.1` or `[.1]`, and res_resolver_unbound is loaded, Asterisk will crash with a SEGV. To receive a patch, users should upgrade to one of the following versions: 18.24.3, 20.9.3, 21.4.3, certified-18.9-cert12, certified-20.7-cert2. Two workarounds are available. Disable res_resolver_unbound by setting `noload = res_resolver_unbound.so` in modules.conf, or set `rewrite_contact = yes` on all PJSIP endpoints. NOTE: This may not be appropriate for all Asterisk configurations.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-42491","reference_id":"","reference_type":"","scores":[{"value":"0.00963","scoring_system":"epss","scoring_elements":"0.76915","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00963","scoring_system":"epss","scoring_elements":"0.76922","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00963","scoring_system":"epss","scoring_elements":"0.769","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00963","scoring_system":"epss","scoring_elements":"0.76912","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00963","scoring_system":"epss","scoring_elements":"0.76923","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-42491"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42491","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42491"},{"reference_url":"https://github.com/asterisk/asterisk/commit/42a2f4ccfa2c7062a15063e765916b3332e34cc4","reference_id":"42a2f4ccfa2c7062a15063e765916b3332e34cc4","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T18:48:24Z/"}],"url":"https://github.com/asterisk/asterisk/commit/42a2f4ccfa2c7062a15063e765916b3332e34cc4"},{"reference_url":"https://github.com/asterisk/asterisk/commit/4f01669c7c41c9184f3cce9a3cf1b2ebf6201742","reference_id":"4f01669c7c41c9184f3cce9a3cf1b2ebf6201742","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T18:48:24Z/"}],"url":"https://github.com/asterisk/asterisk/commit/4f01669c7c41c9184f3cce9a3cf1b2ebf6201742"},{"reference_url":"https://github.com/asterisk/asterisk/commit/50bf8d4d3064930d28ecf1ce3397b14574d514d2","reference_id":"50bf8d4d3064930d28ecf1ce3397b14574d514d2","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T18:48:24Z/"}],"url":"https://github.com/asterisk/asterisk/commit/50bf8d4d3064930d28ecf1ce3397b14574d514d2"},{"reference_url":"https://github.com/asterisk/asterisk/commit/7a0090325bfa9d778a39ae5f7d0a98109e4651c8","reference_id":"7a0090325bfa9d778a39ae5f7d0a98109e4651c8","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T18:48:24Z/"}],"url":"https://github.com/asterisk/asterisk/commit/7a0090325bfa9d778a39ae5f7d0a98109e4651c8"},{"reference_url":"https://github.com/asterisk/asterisk/commit/a15050650abf09c10a3c135fab148220cd41d3a0","reference_id":"a15050650abf09c10a3c135fab148220cd41d3a0","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T18:48:24Z/"}],"url":"https://github.com/asterisk/asterisk/commit/a15050650abf09c10a3c135fab148220cd41d3a0"},{"reference_url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-v428-g3cw-7hv9","reference_id":"GHSA-v428-g3cw-7hv9","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T18:48:24Z/"}],"url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-v428-g3cw-7hv9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/196089?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1"}],"aliases":["CVE-2024-42491"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rhej-23wp-v7cj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59085?format=json","vulnerability_id":"VCID-rjjh-8qvd-mug4","summary":"res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. This is a re-occurrence of the CVE-2019-15297 symptoms but not for exactly the same reason. The crash occurs because there is an append operation relative to the active topology, but this should instead be a replace operation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-46837","reference_id":"","reference_type":"","scores":[{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.32518","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.3259","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.32558","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.32519","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.32488","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.32509","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-46837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018073","reference_id":"1018073","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018073"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517161?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-drvj-6p87-rqcn"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-n51b-qqvd-j3h8"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-ru68-dmrf-bfbx"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-ypjq-tgrg-jkff"},{"vulnerability":"VCID-z8ac-81bd-7bep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2021-46837"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rjjh-8qvd-mug4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59165?format=json","vulnerability_id":"VCID-rskg-bn1a-sud4","summary":"Asterisk is an open source private branch exchange (PBX) and telephony toolkit. Prior to asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2, an AMI user with `write=originate` may change all configuration files in the `/etc/asterisk/` directory. This occurs because they are able to curl remote files and write them to disk, but are also able to append to existing files using the `FILE` function inside the `SET` application. This issue may result in privilege escalation, remote code execution and/or blind server-side request forgery with arbitrary protocol. Asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2 contain a fix for this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-42365","reference_id":"","reference_type":"","scores":[{"value":"0.3195","scoring_system":"epss","scoring_elements":"0.96915","published_at":"2026-06-06T12:55:00Z"},{"value":"0.3195","scoring_system":"epss","scoring_elements":"0.9692","published_at":"2026-06-09T12:55:00Z"},{"value":"0.3195","scoring_system":"epss","scoring_elements":"0.96912","published_at":"2026-06-05T12:55:00Z"},{"value":"0.3195","scoring_system":"epss","scoring_elements":"0.96916","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-42365"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42365","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42365"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078574","reference_id":"1078574","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078574"},{"reference_url":"https://github.com/asterisk/asterisk/commit/42a2f4ccfa2c7062a15063e765916b3332e34cc4","reference_id":"42a2f4ccfa2c7062a15063e765916b3332e34cc4","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T16:38:45Z/"}],"url":"https://github.com/asterisk/asterisk/commit/42a2f4ccfa2c7062a15063e765916b3332e34cc4"},{"reference_url":"https://github.com/asterisk/asterisk/commit/7a0090325bfa9d778a39ae5f7d0a98109e4651c8","reference_id":"7a0090325bfa9d778a39ae5f7d0a98109e4651c8","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T16:38:45Z/"}],"url":"https://github.com/asterisk/asterisk/commit/7a0090325bfa9d778a39ae5f7d0a98109e4651c8"},{"reference_url":"https://github.com/asterisk/asterisk/commit/b4063bf756272254b160b6d1bd6e9a3f8e16cc71","reference_id":"b4063bf756272254b160b6d1bd6e9a3f8e16cc71","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T16:38:45Z/"}],"url":"https://github.com/asterisk/asterisk/commit/b4063bf756272254b160b6d1bd6e9a3f8e16cc71"},{"reference_url":"https://github.com/asterisk/asterisk/commit/bbe68db10ab8a80c29db383e4dfe14f6eafaf993","reference_id":"bbe68db10ab8a80c29db383e4dfe14f6eafaf993","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T16:38:45Z/"}],"url":"https://github.com/asterisk/asterisk/commit/bbe68db10ab8a80c29db383e4dfe14f6eafaf993"},{"reference_url":"https://github.com/asterisk/asterisk/commit/faddd99f2b9408b524e5eb8a01589fe1fa282df2","reference_id":"faddd99f2b9408b524e5eb8a01589fe1fa282df2","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T16:38:45Z/"}],"url":"https://github.com/asterisk/asterisk/commit/faddd99f2b9408b524e5eb8a01589fe1fa282df2"},{"reference_url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-c4cg-9275-6w44","reference_id":"GHSA-c4cg-9275-6w44","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T16:38:45Z/"}],"url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-c4cg-9275-6w44"},{"reference_url":"https://github.com/asterisk/asterisk/blob/14367caaf7241df1eceea7c45c5b261989c2c6db/main/manager.c#L6426","reference_id":"manager.c#L6426","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T16:38:45Z/"}],"url":"https://github.com/asterisk/asterisk/blob/14367caaf7241df1eceea7c45c5b261989c2c6db/main/manager.c#L6426"},{"reference_url":"https://github.com/asterisk/asterisk/blob/7d28165cb1b2d02d66e8693bd3fe23ee72fc55d8/main/manager.c#L6426","reference_id":"manager.c#L6426","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T16:38:45Z/"}],"url":"https://github.com/asterisk/asterisk/blob/7d28165cb1b2d02d66e8693bd3fe23ee72fc55d8/main/manager.c#L6426"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/196089?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1"}],"aliases":["CVE-2024-42365"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rskg-bn1a-sud4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59157?format=json","vulnerability_id":"VCID-ru68-dmrf-bfbx","summary":"Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49294","reference_id":"","reference_type":"","scores":[{"value":"0.17085","scoring_system":"epss","scoring_elements":"0.9513","published_at":"2026-06-06T12:55:00Z"},{"value":"0.17085","scoring_system":"epss","scoring_elements":"0.95132","published_at":"2026-06-07T12:55:00Z"},{"value":"0.17085","scoring_system":"epss","scoring_elements":"0.95131","published_at":"2026-06-08T12:55:00Z"},{"value":"0.17085","scoring_system":"epss","scoring_elements":"0.95136","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49294"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37457","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37457"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38703","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38703"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49294","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49294"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49786"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059032","reference_id":"1059032","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059032"},{"reference_url":"https://security.gentoo.org/glsa/202412-03","reference_id":"GLSA-202412-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/196088?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-341r-eamh-fbee"},{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-ypjq-tgrg-jkff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4"}],"aliases":["CVE-2023-49294"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ru68-dmrf-bfbx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59070?format=json","vulnerability_id":"VCID-sjyv-baqy-6kc1","summary":"Stack overflow in PJSUA API when calling pjsua_playlist_create. An attacker-controlled 'file_names' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43301","reference_id":"","reference_type":"","scores":[{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62755","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62798","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62807","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62797","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62783","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998","reference_id":"1014998","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998"},{"reference_url":"https://usn.ubuntu.com/6422-1/","reference_id":"USN-6422-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6422-1/"},{"reference_url":"https://usn.ubuntu.com/8122-1/","reference_id":"USN-8122-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8122-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517161?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-drvj-6p87-rqcn"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-n51b-qqvd-j3h8"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-ru68-dmrf-bfbx"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-ypjq-tgrg-jkff"},{"vulnerability":"VCID-z8ac-81bd-7bep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2021-43301"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sjyv-baqy-6kc1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59134?format=json","vulnerability_id":"VCID-t6xj-x5br-c3cj","summary":"In Sangoma Asterisk through 16.28.0, 17.x and 18.x through 18.14.0, and 19.x through 19.6.0, an incoming Setup message to addons/ooh323c/src/ooq931.c with a malformed Calling or Called Party IE can cause a crash.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-37325","reference_id":"","reference_type":"","scores":[{"value":"0.0068","scoring_system":"epss","scoring_elements":"0.71989","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0068","scoring_system":"epss","scoring_elements":"0.72029","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0068","scoring_system":"epss","scoring_elements":"0.72037","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0068","scoring_system":"epss","scoring_elements":"0.72014","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0068","scoring_system":"epss","scoring_elements":"0.72001","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0068","scoring_system":"epss","scoring_elements":"0.72025","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-37325"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706"},{"reference_url":"https://downloads.asterisk.org/pub/security/AST-2022-007.html","reference_id":"AST-2022-007.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:38:25Z/"}],"url":"https://downloads.asterisk.org/pub/security/AST-2022-007.html"},{"reference_url":"https://www.debian.org/security/2023/dsa-5358","reference_id":"dsa-5358","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:38:25Z/"}],"url":"https://www.debian.org/security/2023/dsa-5358"},{"reference_url":"https://security.gentoo.org/glsa/202412-03","reference_id":"GLSA-202412-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-03"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html","reference_id":"msg00029.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:38:25Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517161?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-drvj-6p87-rqcn"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-n51b-qqvd-j3h8"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-ru68-dmrf-bfbx"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-ypjq-tgrg-jkff"},{"vulnerability":"VCID-z8ac-81bd-7bep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2022-37325"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t6xj-x5br-c3cj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59200?format=json","vulnerability_id":"VCID-tnxu-ew29-9ybe","summary":"Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the ast_xml_open() function in xml.c parses XML documents using libxml with unsafe parsing options that enable entity expansion and XInclude processing. Specifically, it invokes xmlReadFile() with the XML_PARSE_NOENT flag and later processes XIncludes via xmlXIncludeProcess().If any untrusted or user-supplied XML file is passed to this function, it can allow an attacker to trigger XML External Entity (XXE) or XInclude-based local file disclosure, potentially exposing sensitive files from the host system. This can also be triggered in other cases in which the user is able to supply input in xml format that triggers the asterisk process to parse it. This issue has been patched in versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23739.json","reference_id":"","reference_type":"","scores":[{"value":"2.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23739.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23739","reference_id":"","reference_type":"","scores":[{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17683","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17689","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17651","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22529","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22525","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23739"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23739"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127438","reference_id":"1127438","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127438"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2437909","reference_id":"2437909","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2437909"},{"reference_url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-85x7-54wr-vh42","reference_id":"GHSA-85x7-54wr-vh42","reference_type":"","scores":[{"value":"2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-06T17:36:34Z/"}],"url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-85x7-54wr-vh42"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/196089?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1"}],"aliases":["CVE-2026-23739"],"risk_score":0.9,"exploitability":"0.5","weighted_severity":"1.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tnxu-ew29-9ybe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59079?format=json","vulnerability_id":"VCID-u2e9-pq21-bkha","summary":"PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the incoming RTCP BYE message contains a reason's length, this declared length is not checked against the actual received packet size, potentially resulting in an out-of-bound read access. This issue affects all users that use PJMEDIA and RTCP. A malicious actor can send a RTCP BYE message with an invalid reason length. Users are advised to upgrade as soon as possible. There are no known workarounds.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43804","reference_id":"","reference_type":"","scores":[{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53627","published_at":"2026-06-04T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53685","published_at":"2026-06-05T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53694","published_at":"2026-06-06T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53681","published_at":"2026-06-09T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53658","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998","reference_id":"1014998","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998"},{"reference_url":"https://security.gentoo.org/glsa/202210-37","reference_id":"GLSA-202210-37","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-37"},{"reference_url":"https://usn.ubuntu.com/6422-1/","reference_id":"USN-6422-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6422-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517161?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-drvj-6p87-rqcn"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-n51b-qqvd-j3h8"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-ru68-dmrf-bfbx"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-ypjq-tgrg-jkff"},{"vulnerability":"VCID-z8ac-81bd-7bep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2021-43804"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u2e9-pq21-bkha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59020?format=json","vulnerability_id":"VCID-uhwr-b373-a3bz","summary":"res_pjsip_t38 in Sangoma Asterisk 15.x before 15.7.4 and 16.x before 16.5.1 allows an attacker to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk. The crash occurs because of a NULL session media object dereference.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-15297","reference_id":"","reference_type":"","scores":[{"value":"0.02861","scoring_system":"epss","scoring_elements":"0.8652","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02861","scoring_system":"epss","scoring_elements":"0.86542","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02861","scoring_system":"epss","scoring_elements":"0.86543","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02861","scoring_system":"epss","scoring_elements":"0.86538","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02861","scoring_system":"epss","scoring_elements":"0.86527","published_at":"2026-06-08T12:55:00Z"},{"value":"0.02861","scoring_system":"epss","scoring_elements":"0.8654","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-15297"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15297","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15297"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940060","reference_id":"940060","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940060"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517161?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-drvj-6p87-rqcn"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-n51b-qqvd-j3h8"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-ru68-dmrf-bfbx"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-ypjq-tgrg-jkff"},{"vulnerability":"VCID-z8ac-81bd-7bep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2019-15297"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uhwr-b373-a3bz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59044?format=json","vulnerability_id":"VCID-un2s-uxx4-13cc","summary":"A buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk versions 13.38.1, 16.15.1, 17.9.1, and 18.1.1 allows remote attacker to crash Asterisk by deliberately misusing SIP 181 responses.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35776","reference_id":"","reference_type":"","scores":[{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24619","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24721","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24711","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24655","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24597","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24606","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35776"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35776","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35776"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983158","reference_id":"983158","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983158"},{"reference_url":"https://security.gentoo.org/glsa/202412-03","reference_id":"GLSA-202412-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517161?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-drvj-6p87-rqcn"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-n51b-qqvd-j3h8"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-ru68-dmrf-bfbx"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-ypjq-tgrg-jkff"},{"vulnerability":"VCID-z8ac-81bd-7bep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2020-35776"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-un2s-uxx4-13cc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59100?format=json","vulnerability_id":"VCID-v8ev-6zfb-xqfz","summary":"PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions up to and including 2.11.1 when in a dialog set (or forking) scenario, a hash key shared by multiple UAC dialogs can potentially be prematurely freed when one of the dialogs is destroyed . The issue may cause a dialog set to be registered in the hash table multiple times (with different hash keys) leading to undefined behavior such as dialog list collision which eventually leading to endless loop. A patch is available in commit db3235953baa56d2fb0e276ca510fefca751643f which will be included in the next release. There are no known workarounds for this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23608","reference_id":"","reference_type":"","scores":[{"value":"0.00784","scoring_system":"epss","scoring_elements":"0.74122","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00784","scoring_system":"epss","scoring_elements":"0.74155","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00784","scoring_system":"epss","scoring_elements":"0.7416","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00784","scoring_system":"epss","scoring_elements":"0.74146","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00784","scoring_system":"epss","scoring_elements":"0.74129","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651"},{"reference_url":"http://seclists.org/fulldisclosure/2022/Mar/1","reference_id":"1","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:53Z/"}],"url":"http://seclists.org/fulldisclosure/2022/Mar/1"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998","reference_id":"1014998","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998"},{"reference_url":"http://packetstormsecurity.com/files/166226/Asterisk-Project-Security-Advisory-AST-2022-005.html","reference_id":"Asterisk-Project-Security-Advisory-AST-2022-005.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:53Z/"}],"url":"http://packetstormsecurity.com/files/166226/Asterisk-Project-Security-Advisory-AST-2022-005.html"},{"reference_url":"https://github.com/pjsip/pjproject/commit/db3235953baa56d2fb0e276ca510fefca751643f","reference_id":"db3235953baa56d2fb0e276ca510fefca751643f","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:53Z/"}],"url":"https://github.com/pjsip/pjproject/commit/db3235953baa56d2fb0e276ca510fefca751643f"},{"reference_url":"https://www.debian.org/security/2022/dsa-5285","reference_id":"dsa-5285","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:53Z/"}],"url":"https://www.debian.org/security/2022/dsa-5285"},{"reference_url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-ffff-m5fm-qm62","reference_id":"GHSA-ffff-m5fm-qm62","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:53Z/"}],"url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-ffff-m5fm-qm62"},{"reference_url":"https://security.gentoo.org/glsa/202210-37","reference_id":"GLSA-202210-37","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:53Z/"}],"url":"https://security.gentoo.org/glsa/202210-37"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html","reference_id":"msg00021.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:53Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html","reference_id":"msg00035.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:53Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html","reference_id":"msg00038.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:53Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00040.html","reference_id":"msg00040.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:53Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00040.html"},{"reference_url":"https://usn.ubuntu.com/6422-1/","reference_id":"USN-6422-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6422-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517161?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-drvj-6p87-rqcn"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-n51b-qqvd-j3h8"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-ru68-dmrf-bfbx"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-ypjq-tgrg-jkff"},{"vulnerability":"VCID-z8ac-81bd-7bep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2022-23608"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v8ev-6zfb-xqfz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59131?format=json","vulnerability_id":"VCID-vzrk-rtxu-k7fd","summary":"PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions prior to and including 2.12.1 a stack buffer overflow vulnerability affects PJSIP users that use STUN in their applications, either by: setting a STUN server in their account/media config in PJSUA/PJSUA2 level, or directly using `pjlib-util/stun_simple` API. A patch is available in commit 450baca which should be included in the next release. There are no known workarounds for this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31031","reference_id":"","reference_type":"","scores":[{"value":"0.00721","scoring_system":"epss","scoring_elements":"0.72867","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00721","scoring_system":"epss","scoring_elements":"0.72905","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00721","scoring_system":"epss","scoring_elements":"0.72912","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00721","scoring_system":"epss","scoring_elements":"0.72895","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00721","scoring_system":"epss","scoring_elements":"0.72882","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00721","scoring_system":"epss","scoring_elements":"0.72907","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-31031"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1017004","reference_id":"1017004","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1017004"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1017005","reference_id":"1017005","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1017005"},{"reference_url":"https://github.com/pjsip/pjproject/commit/450baca94f475345542c6953832650c390889202","reference_id":"450baca94f475345542c6953832650c390889202","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:49:22Z/"}],"url":"https://github.com/pjsip/pjproject/commit/450baca94f475345542c6953832650c390889202"},{"reference_url":"https://www.debian.org/security/2023/dsa-5358","reference_id":"dsa-5358","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:49:22Z/"}],"url":"https://www.debian.org/security/2023/dsa-5358"},{"reference_url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-26j7-ww69-c4qj","reference_id":"GHSA-26j7-ww69-c4qj","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:49:22Z/"}],"url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-26j7-ww69-c4qj"},{"reference_url":"https://security.gentoo.org/glsa/202210-37","reference_id":"GLSA-202210-37","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:49:22Z/"}],"url":"https://security.gentoo.org/glsa/202210-37"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html","reference_id":"msg00029.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:49:22Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html","reference_id":"msg00038.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:49:22Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html"},{"reference_url":"https://usn.ubuntu.com/6422-1/","reference_id":"USN-6422-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6422-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517161?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-drvj-6p87-rqcn"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-n51b-qqvd-j3h8"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-ru68-dmrf-bfbx"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-ypjq-tgrg-jkff"},{"vulnerability":"VCID-z8ac-81bd-7bep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2022-31031"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vzrk-rtxu-k7fd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59176?format=json","vulnerability_id":"VCID-xcp6-cew8-7fe1","summary":"A local privilege escalation vulnerability exists in the safe_asterisk script included with the Asterisk toolkit package. When Asterisk is started via this script (common in SysV init or FreePBX environments), it sources all .sh files located in /etc/asterisk/startup.d/ as root, without validating ownership or permissions.   Non-root users with legitimate write access to /etc/asterisk can exploit this behaviour by placing malicious scripts in the startup.d directory, which will then execute with root privileges upon service restart.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-1131","reference_id":"","reference_type":"","scores":[{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.1676","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16764","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16722","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.1664","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.20157","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-1131"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1131","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1131"},{"reference_url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-v9q8-9j8m-5xwp","reference_id":"GHSA-v9q8-9j8m-5xwp","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:N/V:C/RE:H/U:Amber"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-09-24T03:55:15Z/"}],"url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-v9q8-9j8m-5xwp"},{"reference_url":"https://security.gentoo.org/glsa/202601-04","reference_id":"GLSA-202601-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202601-04"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/196089?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1"}],"aliases":["CVE-2025-1131"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xcp6-cew8-7fe1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59029?format=json","vulnerability_id":"VCID-xn9t-7f61-ufgz","summary":"An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x before 13.29.2, 16.x before 16.6.2, and 17.x before 17.0.1, and Certified Asterisk 13.21 before cert5. A SIP request can be sent to Asterisk that can change a SIP peer's IP address. A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that needs to be known is the peer's name; authentication details such as passwords do not need to be known. This vulnerability is only exploitable when the nat option is set to the default, or auto_force_rport.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18790","reference_id":"","reference_type":"","scores":[{"value":"0.07372","scoring_system":"epss","scoring_elements":"0.91858","published_at":"2026-06-04T12:55:00Z"},{"value":"0.07372","scoring_system":"epss","scoring_elements":"0.9187","published_at":"2026-06-05T12:55:00Z"},{"value":"0.07372","scoring_system":"epss","scoring_elements":"0.91872","published_at":"2026-06-06T12:55:00Z"},{"value":"0.07372","scoring_system":"epss","scoring_elements":"0.91869","published_at":"2026-06-07T12:55:00Z"},{"value":"0.07372","scoring_system":"epss","scoring_elements":"0.91868","published_at":"2026-06-08T12:55:00Z"},{"value":"0.07372","scoring_system":"epss","scoring_elements":"0.91882","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18790"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947381","reference_id":"947381","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947381"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517161?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-drvj-6p87-rqcn"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-n51b-qqvd-j3h8"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-ru68-dmrf-bfbx"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-ypjq-tgrg-jkff"},{"vulnerability":"VCID-z8ac-81bd-7bep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2019-18790"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xn9t-7f61-ufgz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59171?format=json","vulnerability_id":"VCID-xrcr-xhum-mbfq","summary":"An issue in the action_listcategories() function of Sangoma Asterisk v22/22.0.0/22.0.0-rc1/22.0.0-rc2/22.0.0-pre1 allows attackers to execute a path traversal.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-53566","reference_id":"","reference_type":"","scores":[{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.21074","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.21183","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.21169","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.21126","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.21063","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-53566"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53566","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53566"},{"reference_url":"https://gist.github.com/hyp164D1/e7c0f44ffb38c00320aa1a6d98bee616","reference_id":"e7c0f44ffb38c00320aa1a6d98bee616","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-02T17:37:51Z/"}],"url":"https://gist.github.com/hyp164D1/e7c0f44ffb38c00320aa1a6d98bee616"},{"reference_url":"https://github.com/asterisk/asterisk/blob/22/main/manager.c#L2556","reference_id":"manager.c#L2556","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-02T17:37:51Z/"}],"url":"https://github.com/asterisk/asterisk/blob/22/main/manager.c#L2556"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/196089?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1"}],"aliases":["CVE-2024-53566"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xrcr-xhum-mbfq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59026?format=json","vulnerability_id":"VCID-xykr-v7tc-2fhx","summary":"An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-cert4. A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafted Originate AMI request to execute arbitrary system commands.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18610","reference_id":"","reference_type":"","scores":[{"value":"0.41746","scoring_system":"epss","scoring_elements":"0.97495","published_at":"2026-06-04T12:55:00Z"},{"value":"0.41746","scoring_system":"epss","scoring_elements":"0.97501","published_at":"2026-06-07T12:55:00Z"},{"value":"0.41746","scoring_system":"epss","scoring_elements":"0.97502","published_at":"2026-06-08T12:55:00Z"},{"value":"0.41746","scoring_system":"epss","scoring_elements":"0.97503","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18610"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18610","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18610"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947377","reference_id":"947377","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947377"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517161?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-drvj-6p87-rqcn"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-n51b-qqvd-j3h8"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-ru68-dmrf-bfbx"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-ypjq-tgrg-jkff"},{"vulnerability":"VCID-z8ac-81bd-7bep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2019-18610"],"risk_score":0.2,"exploitability":"0.5","weighted_severity":"0.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xykr-v7tc-2fhx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59128?format=json","vulnerability_id":"VCID-xzkj-pajj-dqbj","summary":"An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The func_odbc module provides possibly inadequate escaping functionality for backslash characters in SQL queries, resulting in user-provided data creating a broken SQL query or possibly a SQL injection. This is fixed in 16.25.2, 18.11.2, and 19.3.2, and 16.8-cert14.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-26651","reference_id":"","reference_type":"","scores":[{"value":"0.00756","scoring_system":"epss","scoring_elements":"0.73622","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00756","scoring_system":"epss","scoring_elements":"0.73658","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00756","scoring_system":"epss","scoring_elements":"0.73662","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00756","scoring_system":"epss","scoring_elements":"0.73649","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00756","scoring_system":"epss","scoring_elements":"0.73635","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00756","scoring_system":"epss","scoring_elements":"0.7366","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-26651"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651"},{"reference_url":"https://security.gentoo.org/glsa/202412-03","reference_id":"GLSA-202412-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517161?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-drvj-6p87-rqcn"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-n51b-qqvd-j3h8"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-ru68-dmrf-bfbx"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-ypjq-tgrg-jkff"},{"vulnerability":"VCID-z8ac-81bd-7bep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2022-26651"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xzkj-pajj-dqbj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59204?format=json","vulnerability_id":"VCID-ypjq-tgrg-jkff","summary":"Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, when ast_coredumper writes its gdb init and output files to a directory that is world-writable (for example /tmp), an attacker with write permission(which is all users on a linux system) to that directory can cause root to execute arbitrary commands or overwrite arbitrary files by controlling the gdb init file and output paths. This issue has been patched in versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23740.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23740.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23740","reference_id":"","reference_type":"","scores":[{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.0386","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03847","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06203","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06191","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23740"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23740","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23740"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127438","reference_id":"1127438","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127438"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2437723","reference_id":"2437723","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2437723"},{"reference_url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-xpc6-x892-v83c","reference_id":"GHSA-xpc6-x892-v83c","reference_type":"","scores":[{"value":"0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N"},{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-06T19:11:52Z/"}],"url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-xpc6-x892-v83c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/196089?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1"}],"aliases":["CVE-2026-23740"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ypjq-tgrg-jkff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59154?format=json","vulnerability_id":"VCID-z8ac-81bd-7bep","summary":"PJSIP is a free and open source multimedia communication library written in C with high level API in C, C++, Java, C#, and Python languages. SRTP is a higher level media transport which is stacked upon a lower level media transport such as UDP and ICE. Currently a higher level transport is not synchronized with its lower level transport that may introduce use-after-free issue. This vulnerability affects applications that have SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying media transport other than UDP. This vulnerability’s impact may range from unexpected application termination to control flow hijack/memory corruption. The patch is available as a commit in the master branch.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38703","reference_id":"","reference_type":"","scores":[{"value":"0.0028","scoring_system":"epss","scoring_elements":"0.51719","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0028","scoring_system":"epss","scoring_elements":"0.51692","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0028","scoring_system":"epss","scoring_elements":"0.51727","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0028","scoring_system":"epss","scoring_elements":"0.51673","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0028","scoring_system":"epss","scoring_elements":"0.51705","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38703"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37457","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37457"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38703","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38703"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49294","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49294"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49786"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059303","reference_id":"1059303","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059303"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059307","reference_id":"1059307","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059307"},{"reference_url":"https://github.com/pjsip/pjproject/commit/6dc9b8c181aff39845f02b4626e0812820d4ef0d","reference_id":"6dc9b8c181aff39845f02b4626e0812820d4ef0d","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-19T18:46:16Z/"}],"url":"https://github.com/pjsip/pjproject/commit/6dc9b8c181aff39845f02b4626e0812820d4ef0d"},{"reference_url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-f76w-fh7c-pc66","reference_id":"GHSA-f76w-fh7c-pc66","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-19T18:46:16Z/"}],"url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-f76w-fh7c-pc66"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html","reference_id":"msg00019.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-19T18:46:16Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00019.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/196088?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-341r-eamh-fbee"},{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-ypjq-tgrg-jkff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4"}],"aliases":["CVE-2023-38703"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z8ac-81bd-7bep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59050?format=json","vulnerability_id":"VCID-zk2p-hxmz-yqhb","summary":"An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through 16.8-cert5. An SDP negotiation vulnerability in PJSIP allows a remote server to potentially crash Asterisk by sending specific SIP responses that cause an SDP negotiation failure.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-26906","reference_id":"","reference_type":"","scores":[{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74587","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74618","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74624","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74612","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74595","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00811","scoring_system":"epss","scoring_elements":"0.74621","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-26906"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26906","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26906"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983159","reference_id":"983159","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983159"},{"reference_url":"https://security.gentoo.org/glsa/202412-03","reference_id":"GLSA-202412-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517161?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-drvj-6p87-rqcn"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-n51b-qqvd-j3h8"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-ru68-dmrf-bfbx"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-ypjq-tgrg-jkff"},{"vulnerability":"VCID-z8ac-81bd-7bep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2021-26906"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zk2p-hxmz-yqhb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59067?format=json","vulnerability_id":"VCID-zv8y-1d3c-s3bk","summary":"Stack overflow in PJSUA API when calling pjsua_recorder_create. An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43300","reference_id":"","reference_type":"","scores":[{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62755","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62798","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62807","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62797","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62783","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43301"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43302"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46837"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21722"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21723"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24786"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26499"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26651"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998","reference_id":"1014998","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998"},{"reference_url":"https://usn.ubuntu.com/6422-1/","reference_id":"USN-6422-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6422-1/"},{"reference_url":"https://usn.ubuntu.com/8122-1/","reference_id":"USN-8122-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8122-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/517161?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-drvj-6p87-rqcn"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-n51b-qqvd-j3h8"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-ru68-dmrf-bfbx"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-ypjq-tgrg-jkff"},{"vulnerability":"VCID-z8ac-81bd-7bep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u3"}],"aliases":["CVE-2021-43300"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zv8y-1d3c-s3bk"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58982?format=json","vulnerability_id":"VCID-18ap-sn7u-s3hd","summary":"An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. If the chan_skinny (aka SCCP protocol) channel driver is flooded with certain requests, it can cause the asterisk process to use excessive amounts of virtual memory, eventually causing asterisk to stop processing requests of any kind.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-17090","reference_id":"","reference_type":"","scores":[{"value":"0.80582","scoring_system":"epss","scoring_elements":"0.99157","published_at":"2026-06-04T12:55:00Z"},{"value":"0.80582","scoring_system":"epss","scoring_elements":"0.99158","published_at":"2026-06-07T12:55:00Z"},{"value":"0.80582","scoring_system":"epss","scoring_elements":"0.99159","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-17090"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17090","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17090"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883342","reference_id":"883342","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883342"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/43992.py","reference_id":"CVE-2017-17090;AST-2017-01","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/43992.py"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/271615?format=json","purl":"pkg:deb/debian/asterisk@1:11.13.1~dfsg-2%2Bdeb8u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13m8-y787-fqb7"},{"vulnerability":"VCID-18ap-sn7u-s3hd"},{"vulnerability":"VCID-1vcu-q5ry-5fac"},{"vulnerability":"VCID-1vug-1t5p-pug9"},{"vulnerability":"VCID-25c9-w334-gbdn"},{"vulnerability":"VCID-29xh-xmhv-3ffs"},{"vulnerability":"VCID-34d5-vz5m-mqc5"},{"vulnerability":"VCID-3a1q-j5qj-rbfk"},{"vulnerability":"VCID-3q36-jek6-wked"},{"vulnerability":"VCID-4ysp-qqgf-7ubg"},{"vulnerability":"VCID-551t-n4qb-p3hq"},{"vulnerability":"VCID-64mt-9155-tkbv"},{"vulnerability":"VCID-6msa-75ph-qkf1"},{"vulnerability":"VCID-7pec-5h4d-yff4"},{"vulnerability":"VCID-8gc8-cyb2-gube"},{"vulnerability":"VCID-8t63-f1tx-7bdy"},{"vulnerability":"VCID-92c9-qp87-bfc4"},{"vulnerability":"VCID-a2r2-kh13-y7cr"},{"vulnerability":"VCID-a9et-qfg6-yudx"},{"vulnerability":"VCID-avwt-12vk-8ybn"},{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-b44e-ck1f-xbbh"},{"vulnerability":"VCID-b6fe-tfcc-ekc7"},{"vulnerability":"VCID-be9t-dvvc-ubaw"},{"vulnerability":"VCID-c7cg-3ryv-x3ae"},{"vulnerability":"VCID-cdyb-1ntz-63as"},{"vulnerability":"VCID-czvg-g2nd-37da"},{"vulnerability":"VCID-d9tf-a5h1-f3ck"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-drvj-6p87-rqcn"},{"vulnerability":"VCID-ej5v-pfx7-zfdh"},{"vulnerability":"VCID-fb56-35es-v3bz"},{"vulnerability":"VCID-fvk6-m3pz-sybd"},{"vulnerability":"VCID-fzjk-q6nw-jkg9"},{"vulnerability":"VCID-g2xy-5xqx-xken"},{"vulnerability":"VCID-hg7k-rqnx-nue9"},{"vulnerability":"VCID-j37t-xmde-ybfz"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-jxc9-g6jq-ykes"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-kfga-1zjj-yyd2"},{"vulnerability":"VCID-ktdt-nt2k-ekh2"},{"vulnerability":"VCID-ky73-mqpf-97gy"},{"vulnerability":"VCID-m9ex-4zdb-z7ek"},{"vulnerability":"VCID-mmtv-ad5m-5bf1"},{"vulnerability":"VCID-mszp-vjvd-y7bm"},{"vulnerability":"VCID-mv3r-bq3z-ekby"},{"vulnerability":"VCID-n51b-qqvd-j3h8"},{"vulnerability":"VCID-nkdv-45yg-yqen"},{"vulnerability":"VCID-nq8x-bhsd-4ug6"},{"vulnerability":"VCID-nv71-45bm-4qg8"},{"vulnerability":"VCID-pdq4-837m-j3b9"},{"vulnerability":"VCID-pqe1-z1sj-xub6"},{"vulnerability":"VCID-qagm-1qhg-euga"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-qktv-zzmr-ebfx"},{"vulnerability":"VCID-qx2s-jc4s-akcy"},{"vulnerability":"VCID-rgqf-d63e-3be8"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rjjh-8qvd-mug4"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-ru68-dmrf-bfbx"},{"vulnerability":"VCID-ryqs-4pz8-3fev"},{"vulnerability":"VCID-sjyv-baqy-6kc1"},{"vulnerability":"VCID-srvv-thfv-tfhw"},{"vulnerability":"VCID-sxye-u2q3-zfa7"},{"vulnerability":"VCID-t6xj-x5br-c3cj"},{"vulnerability":"VCID-t755-8tku-2kap"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-u2e9-pq21-bkha"},{"vulnerability":"VCID-uhwr-b373-a3bz"},{"vulnerability":"VCID-un2s-uxx4-13cc"},{"vulnerability":"VCID-uxyg-qw5v-qqcx"},{"vulnerability":"VCID-v8ev-6zfb-xqfz"},{"vulnerability":"VCID-vnu7-wjv8-eyed"},{"vulnerability":"VCID-vte2-1rmy-73dz"},{"vulnerability":"VCID-vzrk-rtxu-k7fd"},{"vulnerability":"VCID-w4xt-e4ug-fkd4"},{"vulnerability":"VCID-we23-mfgn-qkg8"},{"vulnerability":"VCID-wkkh-ka74-ubh6"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xn9t-7f61-ufgz"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-xykr-v7tc-2fhx"},{"vulnerability":"VCID-xzkj-pajj-dqbj"},{"vulnerability":"VCID-ypjq-tgrg-jkff"},{"vulnerability":"VCID-z8ac-81bd-7bep"},{"vulnerability":"VCID-z9b5-rgxt-jbe3"},{"vulnerability":"VCID-zk2p-hxmz-yqhb"},{"vulnerability":"VCID-zv8y-1d3c-s3bk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:11.13.1~dfsg-2%252Bdeb8u5"},{"url":"http://public2.vulnerablecode.io/api/packages/515646?format=json","purl":"pkg:deb/debian/asterisk@1:13.14.1~dfsg-2%2Bdeb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13m8-y787-fqb7"},{"vulnerability":"VCID-18ap-sn7u-s3hd"},{"vulnerability":"VCID-1vcu-q5ry-5fac"},{"vulnerability":"VCID-29xh-xmhv-3ffs"},{"vulnerability":"VCID-34d5-vz5m-mqc5"},{"vulnerability":"VCID-3q36-jek6-wked"},{"vulnerability":"VCID-4ysp-qqgf-7ubg"},{"vulnerability":"VCID-551t-n4qb-p3hq"},{"vulnerability":"VCID-7pec-5h4d-yff4"},{"vulnerability":"VCID-8t63-f1tx-7bdy"},{"vulnerability":"VCID-92c9-qp87-bfc4"},{"vulnerability":"VCID-a2r2-kh13-y7cr"},{"vulnerability":"VCID-a9et-qfg6-yudx"},{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-b44e-ck1f-xbbh"},{"vulnerability":"VCID-b6fe-tfcc-ekc7"},{"vulnerability":"VCID-be9t-dvvc-ubaw"},{"vulnerability":"VCID-c7cg-3ryv-x3ae"},{"vulnerability":"VCID-cdyb-1ntz-63as"},{"vulnerability":"VCID-d9tf-a5h1-f3ck"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-drvj-6p87-rqcn"},{"vulnerability":"VCID-ej5v-pfx7-zfdh"},{"vulnerability":"VCID-fvk6-m3pz-sybd"},{"vulnerability":"VCID-fzjk-q6nw-jkg9"},{"vulnerability":"VCID-g2xy-5xqx-xken"},{"vulnerability":"VCID-hg7k-rqnx-nue9"},{"vulnerability":"VCID-j37t-xmde-ybfz"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-jxc9-g6jq-ykes"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-kfga-1zjj-yyd2"},{"vulnerability":"VCID-ktdt-nt2k-ekh2"},{"vulnerability":"VCID-ky73-mqpf-97gy"},{"vulnerability":"VCID-mmtv-ad5m-5bf1"},{"vulnerability":"VCID-mv3r-bq3z-ekby"},{"vulnerability":"VCID-n51b-qqvd-j3h8"},{"vulnerability":"VCID-nkdv-45yg-yqen"},{"vulnerability":"VCID-nq8x-bhsd-4ug6"},{"vulnerability":"VCID-nv71-45bm-4qg8"},{"vulnerability":"VCID-pdq4-837m-j3b9"},{"vulnerability":"VCID-qagm-1qhg-euga"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-qktv-zzmr-ebfx"},{"vulnerability":"VCID-qx2s-jc4s-akcy"},{"vulnerability":"VCID-rgqf-d63e-3be8"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rjjh-8qvd-mug4"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-ru68-dmrf-bfbx"},{"vulnerability":"VCID-sjyv-baqy-6kc1"},{"vulnerability":"VCID-srvv-thfv-tfhw"},{"vulnerability":"VCID-sxye-u2q3-zfa7"},{"vulnerability":"VCID-t6xj-x5br-c3cj"},{"vulnerability":"VCID-t755-8tku-2kap"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-u2e9-pq21-bkha"},{"vulnerability":"VCID-uhwr-b373-a3bz"},{"vulnerability":"VCID-un2s-uxx4-13cc"},{"vulnerability":"VCID-v8ev-6zfb-xqfz"},{"vulnerability":"VCID-vte2-1rmy-73dz"},{"vulnerability":"VCID-vzrk-rtxu-k7fd"},{"vulnerability":"VCID-w4xt-e4ug-fkd4"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xn9t-7f61-ufgz"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-xykr-v7tc-2fhx"},{"vulnerability":"VCID-xzkj-pajj-dqbj"},{"vulnerability":"VCID-ypjq-tgrg-jkff"},{"vulnerability":"VCID-z8ac-81bd-7bep"},{"vulnerability":"VCID-zk2p-hxmz-yqhb"},{"vulnerability":"VCID-zv8y-1d3c-s3bk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.14.1~dfsg-2%252Bdeb9u4"},{"url":"http://public2.vulnerablecode.io/api/packages/516631?format=json","purl":"pkg:deb/debian/asterisk@1:16.2.1~dfsg-1%2Bdeb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13m8-y787-fqb7"},{"vulnerability":"VCID-1vcu-q5ry-5fac"},{"vulnerability":"VCID-29xh-xmhv-3ffs"},{"vulnerability":"VCID-34d5-vz5m-mqc5"},{"vulnerability":"VCID-4ysp-qqgf-7ubg"},{"vulnerability":"VCID-551t-n4qb-p3hq"},{"vulnerability":"VCID-7pec-5h4d-yff4"},{"vulnerability":"VCID-8t63-f1tx-7bdy"},{"vulnerability":"VCID-92c9-qp87-bfc4"},{"vulnerability":"VCID-a2r2-kh13-y7cr"},{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-b44e-ck1f-xbbh"},{"vulnerability":"VCID-be9t-dvvc-ubaw"},{"vulnerability":"VCID-cdyb-1ntz-63as"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-drvj-6p87-rqcn"},{"vulnerability":"VCID-fvk6-m3pz-sybd"},{"vulnerability":"VCID-fzjk-q6nw-jkg9"},{"vulnerability":"VCID-g2xy-5xqx-xken"},{"vulnerability":"VCID-hg7k-rqnx-nue9"},{"vulnerability":"VCID-j37t-xmde-ybfz"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-jxc9-g6jq-ykes"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-kfga-1zjj-yyd2"},{"vulnerability":"VCID-ktdt-nt2k-ekh2"},{"vulnerability":"VCID-ky73-mqpf-97gy"},{"vulnerability":"VCID-mmtv-ad5m-5bf1"},{"vulnerability":"VCID-mv3r-bq3z-ekby"},{"vulnerability":"VCID-n51b-qqvd-j3h8"},{"vulnerability":"VCID-nkdv-45yg-yqen"},{"vulnerability":"VCID-nq8x-bhsd-4ug6"},{"vulnerability":"VCID-qagm-1qhg-euga"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-qktv-zzmr-ebfx"},{"vulnerability":"VCID-rgqf-d63e-3be8"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rjjh-8qvd-mug4"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-ru68-dmrf-bfbx"},{"vulnerability":"VCID-sjyv-baqy-6kc1"},{"vulnerability":"VCID-t6xj-x5br-c3cj"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-u2e9-pq21-bkha"},{"vulnerability":"VCID-uhwr-b373-a3bz"},{"vulnerability":"VCID-un2s-uxx4-13cc"},{"vulnerability":"VCID-v8ev-6zfb-xqfz"},{"vulnerability":"VCID-vzrk-rtxu-k7fd"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xn9t-7f61-ufgz"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-xykr-v7tc-2fhx"},{"vulnerability":"VCID-xzkj-pajj-dqbj"},{"vulnerability":"VCID-ypjq-tgrg-jkff"},{"vulnerability":"VCID-z8ac-81bd-7bep"},{"vulnerability":"VCID-zk2p-hxmz-yqhb"},{"vulnerability":"VCID-zv8y-1d3c-s3bk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.2.1~dfsg-1%252Bdeb10u2"}],"aliases":["CVE-2017-17090"],"risk_score":1.4,"exploitability":"2.0","weighted_severity":"0.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-18ap-sn7u-s3hd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58972?format=json","vulnerability_id":"VCID-3q36-jek6-wked","summary":"In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized command execution is possible. The app_minivm module has an \"externnotify\" program configuration option that is executed by the MinivmNotify dialplan application. The application uses the caller-id name and number as part of a built string passed to the OS shell for interpretation and execution. Since the caller-id name and number can come from an untrusted source, a crafted caller-id name or number allows an arbitrary shell command injection.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14100","reference_id":"","reference_type":"","scores":[{"value":"0.33558","scoring_system":"epss","scoring_elements":"0.97026","published_at":"2026-06-04T12:55:00Z"},{"value":"0.33558","scoring_system":"epss","scoring_elements":"0.97029","published_at":"2026-06-05T12:55:00Z"},{"value":"0.33558","scoring_system":"epss","scoring_elements":"0.97031","published_at":"2026-06-06T12:55:00Z"},{"value":"0.33558","scoring_system":"epss","scoring_elements":"0.97033","published_at":"2026-06-08T12:55:00Z"},{"value":"0.33558","scoring_system":"epss","scoring_elements":"0.97036","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14100"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14099","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14099"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14100","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14100"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873908","reference_id":"873908","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873908"},{"reference_url":"https://security.gentoo.org/glsa/201710-29","reference_id":"GLSA-201710-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201710-29"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/271615?format=json","purl":"pkg:deb/debian/asterisk@1:11.13.1~dfsg-2%2Bdeb8u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13m8-y787-fqb7"},{"vulnerability":"VCID-18ap-sn7u-s3hd"},{"vulnerability":"VCID-1vcu-q5ry-5fac"},{"vulnerability":"VCID-1vug-1t5p-pug9"},{"vulnerability":"VCID-25c9-w334-gbdn"},{"vulnerability":"VCID-29xh-xmhv-3ffs"},{"vulnerability":"VCID-34d5-vz5m-mqc5"},{"vulnerability":"VCID-3a1q-j5qj-rbfk"},{"vulnerability":"VCID-3q36-jek6-wked"},{"vulnerability":"VCID-4ysp-qqgf-7ubg"},{"vulnerability":"VCID-551t-n4qb-p3hq"},{"vulnerability":"VCID-64mt-9155-tkbv"},{"vulnerability":"VCID-6msa-75ph-qkf1"},{"vulnerability":"VCID-7pec-5h4d-yff4"},{"vulnerability":"VCID-8gc8-cyb2-gube"},{"vulnerability":"VCID-8t63-f1tx-7bdy"},{"vulnerability":"VCID-92c9-qp87-bfc4"},{"vulnerability":"VCID-a2r2-kh13-y7cr"},{"vulnerability":"VCID-a9et-qfg6-yudx"},{"vulnerability":"VCID-avwt-12vk-8ybn"},{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-b44e-ck1f-xbbh"},{"vulnerability":"VCID-b6fe-tfcc-ekc7"},{"vulnerability":"VCID-be9t-dvvc-ubaw"},{"vulnerability":"VCID-c7cg-3ryv-x3ae"},{"vulnerability":"VCID-cdyb-1ntz-63as"},{"vulnerability":"VCID-czvg-g2nd-37da"},{"vulnerability":"VCID-d9tf-a5h1-f3ck"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-drvj-6p87-rqcn"},{"vulnerability":"VCID-ej5v-pfx7-zfdh"},{"vulnerability":"VCID-fb56-35es-v3bz"},{"vulnerability":"VCID-fvk6-m3pz-sybd"},{"vulnerability":"VCID-fzjk-q6nw-jkg9"},{"vulnerability":"VCID-g2xy-5xqx-xken"},{"vulnerability":"VCID-hg7k-rqnx-nue9"},{"vulnerability":"VCID-j37t-xmde-ybfz"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-jxc9-g6jq-ykes"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-kfga-1zjj-yyd2"},{"vulnerability":"VCID-ktdt-nt2k-ekh2"},{"vulnerability":"VCID-ky73-mqpf-97gy"},{"vulnerability":"VCID-m9ex-4zdb-z7ek"},{"vulnerability":"VCID-mmtv-ad5m-5bf1"},{"vulnerability":"VCID-mszp-vjvd-y7bm"},{"vulnerability":"VCID-mv3r-bq3z-ekby"},{"vulnerability":"VCID-n51b-qqvd-j3h8"},{"vulnerability":"VCID-nkdv-45yg-yqen"},{"vulnerability":"VCID-nq8x-bhsd-4ug6"},{"vulnerability":"VCID-nv71-45bm-4qg8"},{"vulnerability":"VCID-pdq4-837m-j3b9"},{"vulnerability":"VCID-pqe1-z1sj-xub6"},{"vulnerability":"VCID-qagm-1qhg-euga"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-qktv-zzmr-ebfx"},{"vulnerability":"VCID-qx2s-jc4s-akcy"},{"vulnerability":"VCID-rgqf-d63e-3be8"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rjjh-8qvd-mug4"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-ru68-dmrf-bfbx"},{"vulnerability":"VCID-ryqs-4pz8-3fev"},{"vulnerability":"VCID-sjyv-baqy-6kc1"},{"vulnerability":"VCID-srvv-thfv-tfhw"},{"vulnerability":"VCID-sxye-u2q3-zfa7"},{"vulnerability":"VCID-t6xj-x5br-c3cj"},{"vulnerability":"VCID-t755-8tku-2kap"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-u2e9-pq21-bkha"},{"vulnerability":"VCID-uhwr-b373-a3bz"},{"vulnerability":"VCID-un2s-uxx4-13cc"},{"vulnerability":"VCID-uxyg-qw5v-qqcx"},{"vulnerability":"VCID-v8ev-6zfb-xqfz"},{"vulnerability":"VCID-vnu7-wjv8-eyed"},{"vulnerability":"VCID-vte2-1rmy-73dz"},{"vulnerability":"VCID-vzrk-rtxu-k7fd"},{"vulnerability":"VCID-w4xt-e4ug-fkd4"},{"vulnerability":"VCID-we23-mfgn-qkg8"},{"vulnerability":"VCID-wkkh-ka74-ubh6"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xn9t-7f61-ufgz"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-xykr-v7tc-2fhx"},{"vulnerability":"VCID-xzkj-pajj-dqbj"},{"vulnerability":"VCID-ypjq-tgrg-jkff"},{"vulnerability":"VCID-z8ac-81bd-7bep"},{"vulnerability":"VCID-z9b5-rgxt-jbe3"},{"vulnerability":"VCID-zk2p-hxmz-yqhb"},{"vulnerability":"VCID-zv8y-1d3c-s3bk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:11.13.1~dfsg-2%252Bdeb8u5"},{"url":"http://public2.vulnerablecode.io/api/packages/515646?format=json","purl":"pkg:deb/debian/asterisk@1:13.14.1~dfsg-2%2Bdeb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13m8-y787-fqb7"},{"vulnerability":"VCID-18ap-sn7u-s3hd"},{"vulnerability":"VCID-1vcu-q5ry-5fac"},{"vulnerability":"VCID-29xh-xmhv-3ffs"},{"vulnerability":"VCID-34d5-vz5m-mqc5"},{"vulnerability":"VCID-3q36-jek6-wked"},{"vulnerability":"VCID-4ysp-qqgf-7ubg"},{"vulnerability":"VCID-551t-n4qb-p3hq"},{"vulnerability":"VCID-7pec-5h4d-yff4"},{"vulnerability":"VCID-8t63-f1tx-7bdy"},{"vulnerability":"VCID-92c9-qp87-bfc4"},{"vulnerability":"VCID-a2r2-kh13-y7cr"},{"vulnerability":"VCID-a9et-qfg6-yudx"},{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-b44e-ck1f-xbbh"},{"vulnerability":"VCID-b6fe-tfcc-ekc7"},{"vulnerability":"VCID-be9t-dvvc-ubaw"},{"vulnerability":"VCID-c7cg-3ryv-x3ae"},{"vulnerability":"VCID-cdyb-1ntz-63as"},{"vulnerability":"VCID-d9tf-a5h1-f3ck"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-drvj-6p87-rqcn"},{"vulnerability":"VCID-ej5v-pfx7-zfdh"},{"vulnerability":"VCID-fvk6-m3pz-sybd"},{"vulnerability":"VCID-fzjk-q6nw-jkg9"},{"vulnerability":"VCID-g2xy-5xqx-xken"},{"vulnerability":"VCID-hg7k-rqnx-nue9"},{"vulnerability":"VCID-j37t-xmde-ybfz"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-jxc9-g6jq-ykes"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-kfga-1zjj-yyd2"},{"vulnerability":"VCID-ktdt-nt2k-ekh2"},{"vulnerability":"VCID-ky73-mqpf-97gy"},{"vulnerability":"VCID-mmtv-ad5m-5bf1"},{"vulnerability":"VCID-mv3r-bq3z-ekby"},{"vulnerability":"VCID-n51b-qqvd-j3h8"},{"vulnerability":"VCID-nkdv-45yg-yqen"},{"vulnerability":"VCID-nq8x-bhsd-4ug6"},{"vulnerability":"VCID-nv71-45bm-4qg8"},{"vulnerability":"VCID-pdq4-837m-j3b9"},{"vulnerability":"VCID-qagm-1qhg-euga"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-qktv-zzmr-ebfx"},{"vulnerability":"VCID-qx2s-jc4s-akcy"},{"vulnerability":"VCID-rgqf-d63e-3be8"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rjjh-8qvd-mug4"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-ru68-dmrf-bfbx"},{"vulnerability":"VCID-sjyv-baqy-6kc1"},{"vulnerability":"VCID-srvv-thfv-tfhw"},{"vulnerability":"VCID-sxye-u2q3-zfa7"},{"vulnerability":"VCID-t6xj-x5br-c3cj"},{"vulnerability":"VCID-t755-8tku-2kap"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-u2e9-pq21-bkha"},{"vulnerability":"VCID-uhwr-b373-a3bz"},{"vulnerability":"VCID-un2s-uxx4-13cc"},{"vulnerability":"VCID-v8ev-6zfb-xqfz"},{"vulnerability":"VCID-vte2-1rmy-73dz"},{"vulnerability":"VCID-vzrk-rtxu-k7fd"},{"vulnerability":"VCID-w4xt-e4ug-fkd4"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xn9t-7f61-ufgz"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-xykr-v7tc-2fhx"},{"vulnerability":"VCID-xzkj-pajj-dqbj"},{"vulnerability":"VCID-ypjq-tgrg-jkff"},{"vulnerability":"VCID-z8ac-81bd-7bep"},{"vulnerability":"VCID-zk2p-hxmz-yqhb"},{"vulnerability":"VCID-zv8y-1d3c-s3bk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.14.1~dfsg-2%252Bdeb9u4"},{"url":"http://public2.vulnerablecode.io/api/packages/516631?format=json","purl":"pkg:deb/debian/asterisk@1:16.2.1~dfsg-1%2Bdeb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13m8-y787-fqb7"},{"vulnerability":"VCID-1vcu-q5ry-5fac"},{"vulnerability":"VCID-29xh-xmhv-3ffs"},{"vulnerability":"VCID-34d5-vz5m-mqc5"},{"vulnerability":"VCID-4ysp-qqgf-7ubg"},{"vulnerability":"VCID-551t-n4qb-p3hq"},{"vulnerability":"VCID-7pec-5h4d-yff4"},{"vulnerability":"VCID-8t63-f1tx-7bdy"},{"vulnerability":"VCID-92c9-qp87-bfc4"},{"vulnerability":"VCID-a2r2-kh13-y7cr"},{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-b44e-ck1f-xbbh"},{"vulnerability":"VCID-be9t-dvvc-ubaw"},{"vulnerability":"VCID-cdyb-1ntz-63as"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-drvj-6p87-rqcn"},{"vulnerability":"VCID-fvk6-m3pz-sybd"},{"vulnerability":"VCID-fzjk-q6nw-jkg9"},{"vulnerability":"VCID-g2xy-5xqx-xken"},{"vulnerability":"VCID-hg7k-rqnx-nue9"},{"vulnerability":"VCID-j37t-xmde-ybfz"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-jxc9-g6jq-ykes"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-kfga-1zjj-yyd2"},{"vulnerability":"VCID-ktdt-nt2k-ekh2"},{"vulnerability":"VCID-ky73-mqpf-97gy"},{"vulnerability":"VCID-mmtv-ad5m-5bf1"},{"vulnerability":"VCID-mv3r-bq3z-ekby"},{"vulnerability":"VCID-n51b-qqvd-j3h8"},{"vulnerability":"VCID-nkdv-45yg-yqen"},{"vulnerability":"VCID-nq8x-bhsd-4ug6"},{"vulnerability":"VCID-qagm-1qhg-euga"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-qktv-zzmr-ebfx"},{"vulnerability":"VCID-rgqf-d63e-3be8"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rjjh-8qvd-mug4"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-ru68-dmrf-bfbx"},{"vulnerability":"VCID-sjyv-baqy-6kc1"},{"vulnerability":"VCID-t6xj-x5br-c3cj"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-u2e9-pq21-bkha"},{"vulnerability":"VCID-uhwr-b373-a3bz"},{"vulnerability":"VCID-un2s-uxx4-13cc"},{"vulnerability":"VCID-v8ev-6zfb-xqfz"},{"vulnerability":"VCID-vzrk-rtxu-k7fd"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xn9t-7f61-ufgz"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-xykr-v7tc-2fhx"},{"vulnerability":"VCID-xzkj-pajj-dqbj"},{"vulnerability":"VCID-ypjq-tgrg-jkff"},{"vulnerability":"VCID-z8ac-81bd-7bep"},{"vulnerability":"VCID-zk2p-hxmz-yqhb"},{"vulnerability":"VCID-zv8y-1d3c-s3bk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.2.1~dfsg-1%252Bdeb10u2"}],"aliases":["CVE-2017-14100"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3q36-jek6-wked"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59010?format=json","vulnerability_id":"VCID-a9et-qfg6-yudx","summary":"An issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. res_pjsip allows remote authenticated users to crash Asterisk (segmentation fault) by sending a number of SIP INVITE messages on a TCP or TLS connection and then suddenly closing the connection.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-7286","reference_id":"","reference_type":"","scores":[{"value":"0.54632","scoring_system":"epss","scoring_elements":"0.98076","published_at":"2026-06-09T12:55:00Z"},{"value":"0.54632","scoring_system":"epss","scoring_elements":"0.98078","published_at":"2026-06-07T12:55:00Z"},{"value":"0.54632","scoring_system":"epss","scoring_elements":"0.98079","published_at":"2026-06-06T12:55:00Z"},{"value":"0.54632","scoring_system":"epss","scoring_elements":"0.98077","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-7286"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12227","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12227"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17281","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17281"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7284","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7284"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7286","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7286"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891228","reference_id":"891228","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891228"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/44181.py","reference_id":"CVE-2018-7286","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/44181.py"},{"reference_url":"https://raw.githubusercontent.com/EnableSecurity/advisories/master/ES2018-04-asterisk-pjsip-tcp-segfault/README.md","reference_id":"CVE-2018-7286","reference_type":"exploit","scores":[],"url":"https://raw.githubusercontent.com/EnableSecurity/advisories/master/ES2018-04-asterisk-pjsip-tcp-segfault/README.md"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/515646?format=json","purl":"pkg:deb/debian/asterisk@1:13.14.1~dfsg-2%2Bdeb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13m8-y787-fqb7"},{"vulnerability":"VCID-18ap-sn7u-s3hd"},{"vulnerability":"VCID-1vcu-q5ry-5fac"},{"vulnerability":"VCID-29xh-xmhv-3ffs"},{"vulnerability":"VCID-34d5-vz5m-mqc5"},{"vulnerability":"VCID-3q36-jek6-wked"},{"vulnerability":"VCID-4ysp-qqgf-7ubg"},{"vulnerability":"VCID-551t-n4qb-p3hq"},{"vulnerability":"VCID-7pec-5h4d-yff4"},{"vulnerability":"VCID-8t63-f1tx-7bdy"},{"vulnerability":"VCID-92c9-qp87-bfc4"},{"vulnerability":"VCID-a2r2-kh13-y7cr"},{"vulnerability":"VCID-a9et-qfg6-yudx"},{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-b44e-ck1f-xbbh"},{"vulnerability":"VCID-b6fe-tfcc-ekc7"},{"vulnerability":"VCID-be9t-dvvc-ubaw"},{"vulnerability":"VCID-c7cg-3ryv-x3ae"},{"vulnerability":"VCID-cdyb-1ntz-63as"},{"vulnerability":"VCID-d9tf-a5h1-f3ck"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-drvj-6p87-rqcn"},{"vulnerability":"VCID-ej5v-pfx7-zfdh"},{"vulnerability":"VCID-fvk6-m3pz-sybd"},{"vulnerability":"VCID-fzjk-q6nw-jkg9"},{"vulnerability":"VCID-g2xy-5xqx-xken"},{"vulnerability":"VCID-hg7k-rqnx-nue9"},{"vulnerability":"VCID-j37t-xmde-ybfz"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-jxc9-g6jq-ykes"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-kfga-1zjj-yyd2"},{"vulnerability":"VCID-ktdt-nt2k-ekh2"},{"vulnerability":"VCID-ky73-mqpf-97gy"},{"vulnerability":"VCID-mmtv-ad5m-5bf1"},{"vulnerability":"VCID-mv3r-bq3z-ekby"},{"vulnerability":"VCID-n51b-qqvd-j3h8"},{"vulnerability":"VCID-nkdv-45yg-yqen"},{"vulnerability":"VCID-nq8x-bhsd-4ug6"},{"vulnerability":"VCID-nv71-45bm-4qg8"},{"vulnerability":"VCID-pdq4-837m-j3b9"},{"vulnerability":"VCID-qagm-1qhg-euga"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-qktv-zzmr-ebfx"},{"vulnerability":"VCID-qx2s-jc4s-akcy"},{"vulnerability":"VCID-rgqf-d63e-3be8"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rjjh-8qvd-mug4"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-ru68-dmrf-bfbx"},{"vulnerability":"VCID-sjyv-baqy-6kc1"},{"vulnerability":"VCID-srvv-thfv-tfhw"},{"vulnerability":"VCID-sxye-u2q3-zfa7"},{"vulnerability":"VCID-t6xj-x5br-c3cj"},{"vulnerability":"VCID-t755-8tku-2kap"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-u2e9-pq21-bkha"},{"vulnerability":"VCID-uhwr-b373-a3bz"},{"vulnerability":"VCID-un2s-uxx4-13cc"},{"vulnerability":"VCID-v8ev-6zfb-xqfz"},{"vulnerability":"VCID-vte2-1rmy-73dz"},{"vulnerability":"VCID-vzrk-rtxu-k7fd"},{"vulnerability":"VCID-w4xt-e4ug-fkd4"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xn9t-7f61-ufgz"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-xykr-v7tc-2fhx"},{"vulnerability":"VCID-xzkj-pajj-dqbj"},{"vulnerability":"VCID-ypjq-tgrg-jkff"},{"vulnerability":"VCID-z8ac-81bd-7bep"},{"vulnerability":"VCID-zk2p-hxmz-yqhb"},{"vulnerability":"VCID-zv8y-1d3c-s3bk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.14.1~dfsg-2%252Bdeb9u4"},{"url":"http://public2.vulnerablecode.io/api/packages/516631?format=json","purl":"pkg:deb/debian/asterisk@1:16.2.1~dfsg-1%2Bdeb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13m8-y787-fqb7"},{"vulnerability":"VCID-1vcu-q5ry-5fac"},{"vulnerability":"VCID-29xh-xmhv-3ffs"},{"vulnerability":"VCID-34d5-vz5m-mqc5"},{"vulnerability":"VCID-4ysp-qqgf-7ubg"},{"vulnerability":"VCID-551t-n4qb-p3hq"},{"vulnerability":"VCID-7pec-5h4d-yff4"},{"vulnerability":"VCID-8t63-f1tx-7bdy"},{"vulnerability":"VCID-92c9-qp87-bfc4"},{"vulnerability":"VCID-a2r2-kh13-y7cr"},{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-b44e-ck1f-xbbh"},{"vulnerability":"VCID-be9t-dvvc-ubaw"},{"vulnerability":"VCID-cdyb-1ntz-63as"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-drvj-6p87-rqcn"},{"vulnerability":"VCID-fvk6-m3pz-sybd"},{"vulnerability":"VCID-fzjk-q6nw-jkg9"},{"vulnerability":"VCID-g2xy-5xqx-xken"},{"vulnerability":"VCID-hg7k-rqnx-nue9"},{"vulnerability":"VCID-j37t-xmde-ybfz"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-jxc9-g6jq-ykes"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-kfga-1zjj-yyd2"},{"vulnerability":"VCID-ktdt-nt2k-ekh2"},{"vulnerability":"VCID-ky73-mqpf-97gy"},{"vulnerability":"VCID-mmtv-ad5m-5bf1"},{"vulnerability":"VCID-mv3r-bq3z-ekby"},{"vulnerability":"VCID-n51b-qqvd-j3h8"},{"vulnerability":"VCID-nkdv-45yg-yqen"},{"vulnerability":"VCID-nq8x-bhsd-4ug6"},{"vulnerability":"VCID-qagm-1qhg-euga"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-qktv-zzmr-ebfx"},{"vulnerability":"VCID-rgqf-d63e-3be8"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rjjh-8qvd-mug4"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-ru68-dmrf-bfbx"},{"vulnerability":"VCID-sjyv-baqy-6kc1"},{"vulnerability":"VCID-t6xj-x5br-c3cj"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-u2e9-pq21-bkha"},{"vulnerability":"VCID-uhwr-b373-a3bz"},{"vulnerability":"VCID-un2s-uxx4-13cc"},{"vulnerability":"VCID-v8ev-6zfb-xqfz"},{"vulnerability":"VCID-vzrk-rtxu-k7fd"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xn9t-7f61-ufgz"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-xykr-v7tc-2fhx"},{"vulnerability":"VCID-xzkj-pajj-dqbj"},{"vulnerability":"VCID-ypjq-tgrg-jkff"},{"vulnerability":"VCID-z8ac-81bd-7bep"},{"vulnerability":"VCID-zk2p-hxmz-yqhb"},{"vulnerability":"VCID-zv8y-1d3c-s3bk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.2.1~dfsg-1%252Bdeb10u2"}],"aliases":["CVE-2018-7286"],"risk_score":1.0,"exploitability":"2.0","weighted_severity":"0.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a9et-qfg6-yudx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59034?format=json","vulnerability_id":"VCID-b6fe-tfcc-ekc7","summary":"An Integer Signedness issue (for a return code) in the res_pjsip_sdp_rtp module in Digium Asterisk versions 15.7.1 and earlier and 16.1.1 and earlier allows remote authenticated users to crash Asterisk via a specially crafted SDP protocol violation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7251","reference_id":"","reference_type":"","scores":[{"value":"0.04411","scoring_system":"epss","scoring_elements":"0.89202","published_at":"2026-06-04T12:55:00Z"},{"value":"0.04411","scoring_system":"epss","scoring_elements":"0.89219","published_at":"2026-06-05T12:55:00Z"},{"value":"0.04411","scoring_system":"epss","scoring_elements":"0.8922","published_at":"2026-06-08T12:55:00Z"},{"value":"0.04411","scoring_system":"epss","scoring_elements":"0.89236","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-7251"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7251","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7251"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923690","reference_id":"923690","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923690"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516631?format=json","purl":"pkg:deb/debian/asterisk@1:16.2.1~dfsg-1%2Bdeb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13m8-y787-fqb7"},{"vulnerability":"VCID-1vcu-q5ry-5fac"},{"vulnerability":"VCID-29xh-xmhv-3ffs"},{"vulnerability":"VCID-34d5-vz5m-mqc5"},{"vulnerability":"VCID-4ysp-qqgf-7ubg"},{"vulnerability":"VCID-551t-n4qb-p3hq"},{"vulnerability":"VCID-7pec-5h4d-yff4"},{"vulnerability":"VCID-8t63-f1tx-7bdy"},{"vulnerability":"VCID-92c9-qp87-bfc4"},{"vulnerability":"VCID-a2r2-kh13-y7cr"},{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-b44e-ck1f-xbbh"},{"vulnerability":"VCID-be9t-dvvc-ubaw"},{"vulnerability":"VCID-cdyb-1ntz-63as"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-drvj-6p87-rqcn"},{"vulnerability":"VCID-fvk6-m3pz-sybd"},{"vulnerability":"VCID-fzjk-q6nw-jkg9"},{"vulnerability":"VCID-g2xy-5xqx-xken"},{"vulnerability":"VCID-hg7k-rqnx-nue9"},{"vulnerability":"VCID-j37t-xmde-ybfz"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-jxc9-g6jq-ykes"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-kfga-1zjj-yyd2"},{"vulnerability":"VCID-ktdt-nt2k-ekh2"},{"vulnerability":"VCID-ky73-mqpf-97gy"},{"vulnerability":"VCID-mmtv-ad5m-5bf1"},{"vulnerability":"VCID-mv3r-bq3z-ekby"},{"vulnerability":"VCID-n51b-qqvd-j3h8"},{"vulnerability":"VCID-nkdv-45yg-yqen"},{"vulnerability":"VCID-nq8x-bhsd-4ug6"},{"vulnerability":"VCID-qagm-1qhg-euga"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-qktv-zzmr-ebfx"},{"vulnerability":"VCID-rgqf-d63e-3be8"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rjjh-8qvd-mug4"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-ru68-dmrf-bfbx"},{"vulnerability":"VCID-sjyv-baqy-6kc1"},{"vulnerability":"VCID-t6xj-x5br-c3cj"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-u2e9-pq21-bkha"},{"vulnerability":"VCID-uhwr-b373-a3bz"},{"vulnerability":"VCID-un2s-uxx4-13cc"},{"vulnerability":"VCID-v8ev-6zfb-xqfz"},{"vulnerability":"VCID-vzrk-rtxu-k7fd"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xn9t-7f61-ufgz"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-xykr-v7tc-2fhx"},{"vulnerability":"VCID-xzkj-pajj-dqbj"},{"vulnerability":"VCID-ypjq-tgrg-jkff"},{"vulnerability":"VCID-z8ac-81bd-7bep"},{"vulnerability":"VCID-zk2p-hxmz-yqhb"},{"vulnerability":"VCID-zv8y-1d3c-s3bk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.2.1~dfsg-1%252Bdeb10u2"}],"aliases":["CVE-2019-7251"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b6fe-tfcc-ekc7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58985?format=json","vulnerability_id":"VCID-c7cg-3ryv-x3ae","summary":"A Remote Crash issue was discovered in Asterisk Open Source 13.x before 13.18.4, 14.x before 14.7.4, and 15.x before 15.1.4 and Certified Asterisk before 13.13-cert9. Certain compound RTCP packets cause a crash in the RTCP Stack.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-17664","reference_id":"","reference_type":"","scores":[{"value":"0.01276","scoring_system":"epss","scoring_elements":"0.79893","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01276","scoring_system":"epss","scoring_elements":"0.79918","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01276","scoring_system":"epss","scoring_elements":"0.79923","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01276","scoring_system":"epss","scoring_elements":"0.79906","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01276","scoring_system":"epss","scoring_elements":"0.79925","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-17664"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17664","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17664"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884345","reference_id":"884345","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884345"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516631?format=json","purl":"pkg:deb/debian/asterisk@1:16.2.1~dfsg-1%2Bdeb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13m8-y787-fqb7"},{"vulnerability":"VCID-1vcu-q5ry-5fac"},{"vulnerability":"VCID-29xh-xmhv-3ffs"},{"vulnerability":"VCID-34d5-vz5m-mqc5"},{"vulnerability":"VCID-4ysp-qqgf-7ubg"},{"vulnerability":"VCID-551t-n4qb-p3hq"},{"vulnerability":"VCID-7pec-5h4d-yff4"},{"vulnerability":"VCID-8t63-f1tx-7bdy"},{"vulnerability":"VCID-92c9-qp87-bfc4"},{"vulnerability":"VCID-a2r2-kh13-y7cr"},{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-b44e-ck1f-xbbh"},{"vulnerability":"VCID-be9t-dvvc-ubaw"},{"vulnerability":"VCID-cdyb-1ntz-63as"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-drvj-6p87-rqcn"},{"vulnerability":"VCID-fvk6-m3pz-sybd"},{"vulnerability":"VCID-fzjk-q6nw-jkg9"},{"vulnerability":"VCID-g2xy-5xqx-xken"},{"vulnerability":"VCID-hg7k-rqnx-nue9"},{"vulnerability":"VCID-j37t-xmde-ybfz"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-jxc9-g6jq-ykes"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-kfga-1zjj-yyd2"},{"vulnerability":"VCID-ktdt-nt2k-ekh2"},{"vulnerability":"VCID-ky73-mqpf-97gy"},{"vulnerability":"VCID-mmtv-ad5m-5bf1"},{"vulnerability":"VCID-mv3r-bq3z-ekby"},{"vulnerability":"VCID-n51b-qqvd-j3h8"},{"vulnerability":"VCID-nkdv-45yg-yqen"},{"vulnerability":"VCID-nq8x-bhsd-4ug6"},{"vulnerability":"VCID-qagm-1qhg-euga"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-qktv-zzmr-ebfx"},{"vulnerability":"VCID-rgqf-d63e-3be8"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rjjh-8qvd-mug4"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-ru68-dmrf-bfbx"},{"vulnerability":"VCID-sjyv-baqy-6kc1"},{"vulnerability":"VCID-t6xj-x5br-c3cj"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-u2e9-pq21-bkha"},{"vulnerability":"VCID-uhwr-b373-a3bz"},{"vulnerability":"VCID-un2s-uxx4-13cc"},{"vulnerability":"VCID-v8ev-6zfb-xqfz"},{"vulnerability":"VCID-vzrk-rtxu-k7fd"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xn9t-7f61-ufgz"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-xykr-v7tc-2fhx"},{"vulnerability":"VCID-xzkj-pajj-dqbj"},{"vulnerability":"VCID-ypjq-tgrg-jkff"},{"vulnerability":"VCID-z8ac-81bd-7bep"},{"vulnerability":"VCID-zk2p-hxmz-yqhb"},{"vulnerability":"VCID-zv8y-1d3c-s3bk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.2.1~dfsg-1%252Bdeb10u2"}],"aliases":["CVE-2017-17664"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c7cg-3ryv-x3ae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59000?format=json","vulnerability_id":"VCID-d9tf-a5h1-f3ck","summary":"There is a stack consumption vulnerability in the res_http_websocket.so module of Asterisk through 13.23.0, 14.7.x through 14.7.7, and 15.x through 15.6.0 and Certified Asterisk through 13.21-cert2. It allows an attacker to crash Asterisk via a specially crafted HTTP request to upgrade the connection to a websocket.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-17281","reference_id":"","reference_type":"","scores":[{"value":"0.80258","scoring_system":"epss","scoring_elements":"0.9914","published_at":"2026-06-04T12:55:00Z"},{"value":"0.80258","scoring_system":"epss","scoring_elements":"0.99141","published_at":"2026-06-07T12:55:00Z"},{"value":"0.80258","scoring_system":"epss","scoring_elements":"0.99142","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-17281"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12227","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12227"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17281","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17281"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7284","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7284"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7286","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7286"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909554","reference_id":"909554","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909554"},{"reference_url":"https://security.gentoo.org/glsa/201811-11","reference_id":"GLSA-201811-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201811-11"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/515646?format=json","purl":"pkg:deb/debian/asterisk@1:13.14.1~dfsg-2%2Bdeb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13m8-y787-fqb7"},{"vulnerability":"VCID-18ap-sn7u-s3hd"},{"vulnerability":"VCID-1vcu-q5ry-5fac"},{"vulnerability":"VCID-29xh-xmhv-3ffs"},{"vulnerability":"VCID-34d5-vz5m-mqc5"},{"vulnerability":"VCID-3q36-jek6-wked"},{"vulnerability":"VCID-4ysp-qqgf-7ubg"},{"vulnerability":"VCID-551t-n4qb-p3hq"},{"vulnerability":"VCID-7pec-5h4d-yff4"},{"vulnerability":"VCID-8t63-f1tx-7bdy"},{"vulnerability":"VCID-92c9-qp87-bfc4"},{"vulnerability":"VCID-a2r2-kh13-y7cr"},{"vulnerability":"VCID-a9et-qfg6-yudx"},{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-b44e-ck1f-xbbh"},{"vulnerability":"VCID-b6fe-tfcc-ekc7"},{"vulnerability":"VCID-be9t-dvvc-ubaw"},{"vulnerability":"VCID-c7cg-3ryv-x3ae"},{"vulnerability":"VCID-cdyb-1ntz-63as"},{"vulnerability":"VCID-d9tf-a5h1-f3ck"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-drvj-6p87-rqcn"},{"vulnerability":"VCID-ej5v-pfx7-zfdh"},{"vulnerability":"VCID-fvk6-m3pz-sybd"},{"vulnerability":"VCID-fzjk-q6nw-jkg9"},{"vulnerability":"VCID-g2xy-5xqx-xken"},{"vulnerability":"VCID-hg7k-rqnx-nue9"},{"vulnerability":"VCID-j37t-xmde-ybfz"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-jxc9-g6jq-ykes"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-kfga-1zjj-yyd2"},{"vulnerability":"VCID-ktdt-nt2k-ekh2"},{"vulnerability":"VCID-ky73-mqpf-97gy"},{"vulnerability":"VCID-mmtv-ad5m-5bf1"},{"vulnerability":"VCID-mv3r-bq3z-ekby"},{"vulnerability":"VCID-n51b-qqvd-j3h8"},{"vulnerability":"VCID-nkdv-45yg-yqen"},{"vulnerability":"VCID-nq8x-bhsd-4ug6"},{"vulnerability":"VCID-nv71-45bm-4qg8"},{"vulnerability":"VCID-pdq4-837m-j3b9"},{"vulnerability":"VCID-qagm-1qhg-euga"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-qktv-zzmr-ebfx"},{"vulnerability":"VCID-qx2s-jc4s-akcy"},{"vulnerability":"VCID-rgqf-d63e-3be8"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rjjh-8qvd-mug4"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-ru68-dmrf-bfbx"},{"vulnerability":"VCID-sjyv-baqy-6kc1"},{"vulnerability":"VCID-srvv-thfv-tfhw"},{"vulnerability":"VCID-sxye-u2q3-zfa7"},{"vulnerability":"VCID-t6xj-x5br-c3cj"},{"vulnerability":"VCID-t755-8tku-2kap"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-u2e9-pq21-bkha"},{"vulnerability":"VCID-uhwr-b373-a3bz"},{"vulnerability":"VCID-un2s-uxx4-13cc"},{"vulnerability":"VCID-v8ev-6zfb-xqfz"},{"vulnerability":"VCID-vte2-1rmy-73dz"},{"vulnerability":"VCID-vzrk-rtxu-k7fd"},{"vulnerability":"VCID-w4xt-e4ug-fkd4"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xn9t-7f61-ufgz"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-xykr-v7tc-2fhx"},{"vulnerability":"VCID-xzkj-pajj-dqbj"},{"vulnerability":"VCID-ypjq-tgrg-jkff"},{"vulnerability":"VCID-z8ac-81bd-7bep"},{"vulnerability":"VCID-zk2p-hxmz-yqhb"},{"vulnerability":"VCID-zv8y-1d3c-s3bk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.14.1~dfsg-2%252Bdeb9u4"},{"url":"http://public2.vulnerablecode.io/api/packages/516631?format=json","purl":"pkg:deb/debian/asterisk@1:16.2.1~dfsg-1%2Bdeb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13m8-y787-fqb7"},{"vulnerability":"VCID-1vcu-q5ry-5fac"},{"vulnerability":"VCID-29xh-xmhv-3ffs"},{"vulnerability":"VCID-34d5-vz5m-mqc5"},{"vulnerability":"VCID-4ysp-qqgf-7ubg"},{"vulnerability":"VCID-551t-n4qb-p3hq"},{"vulnerability":"VCID-7pec-5h4d-yff4"},{"vulnerability":"VCID-8t63-f1tx-7bdy"},{"vulnerability":"VCID-92c9-qp87-bfc4"},{"vulnerability":"VCID-a2r2-kh13-y7cr"},{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-b44e-ck1f-xbbh"},{"vulnerability":"VCID-be9t-dvvc-ubaw"},{"vulnerability":"VCID-cdyb-1ntz-63as"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-drvj-6p87-rqcn"},{"vulnerability":"VCID-fvk6-m3pz-sybd"},{"vulnerability":"VCID-fzjk-q6nw-jkg9"},{"vulnerability":"VCID-g2xy-5xqx-xken"},{"vulnerability":"VCID-hg7k-rqnx-nue9"},{"vulnerability":"VCID-j37t-xmde-ybfz"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-jxc9-g6jq-ykes"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-kfga-1zjj-yyd2"},{"vulnerability":"VCID-ktdt-nt2k-ekh2"},{"vulnerability":"VCID-ky73-mqpf-97gy"},{"vulnerability":"VCID-mmtv-ad5m-5bf1"},{"vulnerability":"VCID-mv3r-bq3z-ekby"},{"vulnerability":"VCID-n51b-qqvd-j3h8"},{"vulnerability":"VCID-nkdv-45yg-yqen"},{"vulnerability":"VCID-nq8x-bhsd-4ug6"},{"vulnerability":"VCID-qagm-1qhg-euga"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-qktv-zzmr-ebfx"},{"vulnerability":"VCID-rgqf-d63e-3be8"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rjjh-8qvd-mug4"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-ru68-dmrf-bfbx"},{"vulnerability":"VCID-sjyv-baqy-6kc1"},{"vulnerability":"VCID-t6xj-x5br-c3cj"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-u2e9-pq21-bkha"},{"vulnerability":"VCID-uhwr-b373-a3bz"},{"vulnerability":"VCID-un2s-uxx4-13cc"},{"vulnerability":"VCID-v8ev-6zfb-xqfz"},{"vulnerability":"VCID-vzrk-rtxu-k7fd"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xn9t-7f61-ufgz"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-xykr-v7tc-2fhx"},{"vulnerability":"VCID-xzkj-pajj-dqbj"},{"vulnerability":"VCID-ypjq-tgrg-jkff"},{"vulnerability":"VCID-z8ac-81bd-7bep"},{"vulnerability":"VCID-zk2p-hxmz-yqhb"},{"vulnerability":"VCID-zv8y-1d3c-s3bk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.2.1~dfsg-1%252Bdeb10u2"}],"aliases":["CVE-2018-17281"],"risk_score":1.4,"exploitability":"2.0","weighted_severity":"0.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d9tf-a5h1-f3ck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58995?format=json","vulnerability_id":"VCID-ej5v-pfx7-zfdh","summary":"An issue was discovered in Asterisk Open Source 13.x before 13.21.1, 14.x before 14.7.7, and 15.x before 15.4.1 and Certified Asterisk 13.18-cert before 13.18-cert4 and 13.21-cert before 13.21-cert2. When endpoint specific ACL rules block a SIP request, they respond with a 403 forbidden. However, if an endpoint is not identified, then a 401 unauthorized response is sent. This vulnerability just discloses which requests hit a defined endpoint. The ACL rules cannot be bypassed to gain access to the disclosed endpoints.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12227","reference_id":"","reference_type":"","scores":[{"value":"0.0106","scoring_system":"epss","scoring_elements":"0.77977","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0106","scoring_system":"epss","scoring_elements":"0.78004","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0106","scoring_system":"epss","scoring_elements":"0.78011","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0106","scoring_system":"epss","scoring_elements":"0.78001","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0106","scoring_system":"epss","scoring_elements":"0.7799","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0106","scoring_system":"epss","scoring_elements":"0.78007","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12227"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12227","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12227"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17281","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17281"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7284","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7284"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7286","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7286"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902954","reference_id":"902954","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902954"},{"reference_url":"https://security.gentoo.org/glsa/201811-11","reference_id":"GLSA-201811-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201811-11"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/515646?format=json","purl":"pkg:deb/debian/asterisk@1:13.14.1~dfsg-2%2Bdeb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13m8-y787-fqb7"},{"vulnerability":"VCID-18ap-sn7u-s3hd"},{"vulnerability":"VCID-1vcu-q5ry-5fac"},{"vulnerability":"VCID-29xh-xmhv-3ffs"},{"vulnerability":"VCID-34d5-vz5m-mqc5"},{"vulnerability":"VCID-3q36-jek6-wked"},{"vulnerability":"VCID-4ysp-qqgf-7ubg"},{"vulnerability":"VCID-551t-n4qb-p3hq"},{"vulnerability":"VCID-7pec-5h4d-yff4"},{"vulnerability":"VCID-8t63-f1tx-7bdy"},{"vulnerability":"VCID-92c9-qp87-bfc4"},{"vulnerability":"VCID-a2r2-kh13-y7cr"},{"vulnerability":"VCID-a9et-qfg6-yudx"},{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-b44e-ck1f-xbbh"},{"vulnerability":"VCID-b6fe-tfcc-ekc7"},{"vulnerability":"VCID-be9t-dvvc-ubaw"},{"vulnerability":"VCID-c7cg-3ryv-x3ae"},{"vulnerability":"VCID-cdyb-1ntz-63as"},{"vulnerability":"VCID-d9tf-a5h1-f3ck"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-drvj-6p87-rqcn"},{"vulnerability":"VCID-ej5v-pfx7-zfdh"},{"vulnerability":"VCID-fvk6-m3pz-sybd"},{"vulnerability":"VCID-fzjk-q6nw-jkg9"},{"vulnerability":"VCID-g2xy-5xqx-xken"},{"vulnerability":"VCID-hg7k-rqnx-nue9"},{"vulnerability":"VCID-j37t-xmde-ybfz"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-jxc9-g6jq-ykes"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-kfga-1zjj-yyd2"},{"vulnerability":"VCID-ktdt-nt2k-ekh2"},{"vulnerability":"VCID-ky73-mqpf-97gy"},{"vulnerability":"VCID-mmtv-ad5m-5bf1"},{"vulnerability":"VCID-mv3r-bq3z-ekby"},{"vulnerability":"VCID-n51b-qqvd-j3h8"},{"vulnerability":"VCID-nkdv-45yg-yqen"},{"vulnerability":"VCID-nq8x-bhsd-4ug6"},{"vulnerability":"VCID-nv71-45bm-4qg8"},{"vulnerability":"VCID-pdq4-837m-j3b9"},{"vulnerability":"VCID-qagm-1qhg-euga"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-qktv-zzmr-ebfx"},{"vulnerability":"VCID-qx2s-jc4s-akcy"},{"vulnerability":"VCID-rgqf-d63e-3be8"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rjjh-8qvd-mug4"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-ru68-dmrf-bfbx"},{"vulnerability":"VCID-sjyv-baqy-6kc1"},{"vulnerability":"VCID-srvv-thfv-tfhw"},{"vulnerability":"VCID-sxye-u2q3-zfa7"},{"vulnerability":"VCID-t6xj-x5br-c3cj"},{"vulnerability":"VCID-t755-8tku-2kap"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-u2e9-pq21-bkha"},{"vulnerability":"VCID-uhwr-b373-a3bz"},{"vulnerability":"VCID-un2s-uxx4-13cc"},{"vulnerability":"VCID-v8ev-6zfb-xqfz"},{"vulnerability":"VCID-vte2-1rmy-73dz"},{"vulnerability":"VCID-vzrk-rtxu-k7fd"},{"vulnerability":"VCID-w4xt-e4ug-fkd4"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xn9t-7f61-ufgz"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-xykr-v7tc-2fhx"},{"vulnerability":"VCID-xzkj-pajj-dqbj"},{"vulnerability":"VCID-ypjq-tgrg-jkff"},{"vulnerability":"VCID-z8ac-81bd-7bep"},{"vulnerability":"VCID-zk2p-hxmz-yqhb"},{"vulnerability":"VCID-zv8y-1d3c-s3bk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.14.1~dfsg-2%252Bdeb9u4"},{"url":"http://public2.vulnerablecode.io/api/packages/516631?format=json","purl":"pkg:deb/debian/asterisk@1:16.2.1~dfsg-1%2Bdeb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13m8-y787-fqb7"},{"vulnerability":"VCID-1vcu-q5ry-5fac"},{"vulnerability":"VCID-29xh-xmhv-3ffs"},{"vulnerability":"VCID-34d5-vz5m-mqc5"},{"vulnerability":"VCID-4ysp-qqgf-7ubg"},{"vulnerability":"VCID-551t-n4qb-p3hq"},{"vulnerability":"VCID-7pec-5h4d-yff4"},{"vulnerability":"VCID-8t63-f1tx-7bdy"},{"vulnerability":"VCID-92c9-qp87-bfc4"},{"vulnerability":"VCID-a2r2-kh13-y7cr"},{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-b44e-ck1f-xbbh"},{"vulnerability":"VCID-be9t-dvvc-ubaw"},{"vulnerability":"VCID-cdyb-1ntz-63as"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-drvj-6p87-rqcn"},{"vulnerability":"VCID-fvk6-m3pz-sybd"},{"vulnerability":"VCID-fzjk-q6nw-jkg9"},{"vulnerability":"VCID-g2xy-5xqx-xken"},{"vulnerability":"VCID-hg7k-rqnx-nue9"},{"vulnerability":"VCID-j37t-xmde-ybfz"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-jxc9-g6jq-ykes"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-kfga-1zjj-yyd2"},{"vulnerability":"VCID-ktdt-nt2k-ekh2"},{"vulnerability":"VCID-ky73-mqpf-97gy"},{"vulnerability":"VCID-mmtv-ad5m-5bf1"},{"vulnerability":"VCID-mv3r-bq3z-ekby"},{"vulnerability":"VCID-n51b-qqvd-j3h8"},{"vulnerability":"VCID-nkdv-45yg-yqen"},{"vulnerability":"VCID-nq8x-bhsd-4ug6"},{"vulnerability":"VCID-qagm-1qhg-euga"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-qktv-zzmr-ebfx"},{"vulnerability":"VCID-rgqf-d63e-3be8"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rjjh-8qvd-mug4"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-ru68-dmrf-bfbx"},{"vulnerability":"VCID-sjyv-baqy-6kc1"},{"vulnerability":"VCID-t6xj-x5br-c3cj"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-u2e9-pq21-bkha"},{"vulnerability":"VCID-uhwr-b373-a3bz"},{"vulnerability":"VCID-un2s-uxx4-13cc"},{"vulnerability":"VCID-v8ev-6zfb-xqfz"},{"vulnerability":"VCID-vzrk-rtxu-k7fd"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xn9t-7f61-ufgz"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-xykr-v7tc-2fhx"},{"vulnerability":"VCID-xzkj-pajj-dqbj"},{"vulnerability":"VCID-ypjq-tgrg-jkff"},{"vulnerability":"VCID-z8ac-81bd-7bep"},{"vulnerability":"VCID-zk2p-hxmz-yqhb"},{"vulnerability":"VCID-zv8y-1d3c-s3bk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.2.1~dfsg-1%252Bdeb10u2"}],"aliases":["CVE-2018-12227"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ej5v-pfx7-zfdh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58980?format=json","vulnerability_id":"VCID-nv71-45bm-4qg8","summary":"An issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. A memory leak occurs when an Asterisk pjsip session object is created and that call gets rejected before the session itself is fully established. When this happens the session object never gets destroyed. Eventually Asterisk can run out of memory and crash.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16672","reference_id":"","reference_type":"","scores":[{"value":"0.05269","scoring_system":"epss","scoring_elements":"0.90165","published_at":"2026-06-04T12:55:00Z"},{"value":"0.05269","scoring_system":"epss","scoring_elements":"0.90181","published_at":"2026-06-05T12:55:00Z"},{"value":"0.05269","scoring_system":"epss","scoring_elements":"0.90179","published_at":"2026-06-06T12:55:00Z"},{"value":"0.05269","scoring_system":"epss","scoring_elements":"0.90178","published_at":"2026-06-07T12:55:00Z"},{"value":"0.05269","scoring_system":"epss","scoring_elements":"0.90176","published_at":"2026-06-08T12:55:00Z"},{"value":"0.05269","scoring_system":"epss","scoring_elements":"0.90192","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16672"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16672","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16672"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881256","reference_id":"881256","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881256"},{"reference_url":"https://security.gentoo.org/glsa/201811-11","reference_id":"GLSA-201811-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201811-11"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516631?format=json","purl":"pkg:deb/debian/asterisk@1:16.2.1~dfsg-1%2Bdeb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13m8-y787-fqb7"},{"vulnerability":"VCID-1vcu-q5ry-5fac"},{"vulnerability":"VCID-29xh-xmhv-3ffs"},{"vulnerability":"VCID-34d5-vz5m-mqc5"},{"vulnerability":"VCID-4ysp-qqgf-7ubg"},{"vulnerability":"VCID-551t-n4qb-p3hq"},{"vulnerability":"VCID-7pec-5h4d-yff4"},{"vulnerability":"VCID-8t63-f1tx-7bdy"},{"vulnerability":"VCID-92c9-qp87-bfc4"},{"vulnerability":"VCID-a2r2-kh13-y7cr"},{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-b44e-ck1f-xbbh"},{"vulnerability":"VCID-be9t-dvvc-ubaw"},{"vulnerability":"VCID-cdyb-1ntz-63as"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-drvj-6p87-rqcn"},{"vulnerability":"VCID-fvk6-m3pz-sybd"},{"vulnerability":"VCID-fzjk-q6nw-jkg9"},{"vulnerability":"VCID-g2xy-5xqx-xken"},{"vulnerability":"VCID-hg7k-rqnx-nue9"},{"vulnerability":"VCID-j37t-xmde-ybfz"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-jxc9-g6jq-ykes"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-kfga-1zjj-yyd2"},{"vulnerability":"VCID-ktdt-nt2k-ekh2"},{"vulnerability":"VCID-ky73-mqpf-97gy"},{"vulnerability":"VCID-mmtv-ad5m-5bf1"},{"vulnerability":"VCID-mv3r-bq3z-ekby"},{"vulnerability":"VCID-n51b-qqvd-j3h8"},{"vulnerability":"VCID-nkdv-45yg-yqen"},{"vulnerability":"VCID-nq8x-bhsd-4ug6"},{"vulnerability":"VCID-qagm-1qhg-euga"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-qktv-zzmr-ebfx"},{"vulnerability":"VCID-rgqf-d63e-3be8"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rjjh-8qvd-mug4"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-ru68-dmrf-bfbx"},{"vulnerability":"VCID-sjyv-baqy-6kc1"},{"vulnerability":"VCID-t6xj-x5br-c3cj"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-u2e9-pq21-bkha"},{"vulnerability":"VCID-uhwr-b373-a3bz"},{"vulnerability":"VCID-un2s-uxx4-13cc"},{"vulnerability":"VCID-v8ev-6zfb-xqfz"},{"vulnerability":"VCID-vzrk-rtxu-k7fd"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xn9t-7f61-ufgz"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-xykr-v7tc-2fhx"},{"vulnerability":"VCID-xzkj-pajj-dqbj"},{"vulnerability":"VCID-ypjq-tgrg-jkff"},{"vulnerability":"VCID-z8ac-81bd-7bep"},{"vulnerability":"VCID-zk2p-hxmz-yqhb"},{"vulnerability":"VCID-zv8y-1d3c-s3bk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.2.1~dfsg-1%252Bdeb10u2"}],"aliases":["CVE-2017-16672"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nv71-45bm-4qg8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58970?format=json","vulnerability_id":"VCID-pdq4-837m-j3b9","summary":"In res/res_rtp_asterisk.c in Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized data disclosure (media takeover in the RTP stack) is possible with careful timing by an attacker. The \"strictrtp\" option in rtp.conf enables a feature of the RTP stack that learns the source address of media for a session and drops any packets that do not originate from the expected address. This option is enabled by default in Asterisk 11 and above. The \"nat\" and \"rtp_symmetric\" options (for chan_sip and chan_pjsip, respectively) enable symmetric RTP support in the RTP stack. This uses the source address of incoming media as the target address of any sent media. This option is not enabled by default, but is commonly enabled to handle devices behind NAT. A change was made to the strict RTP support in the RTP stack to better tolerate late media when a reinvite occurs. When combined with the symmetric RTP support, this introduced an avenue where media could be hijacked. Instead of only learning a new address when expected, the new code allowed a new source address to be learned at all times. If a flood of RTP traffic was received, the strict RTP support would allow the new address to provide media, and (with symmetric RTP enabled) outgoing traffic would be sent to this new address, allowing the media to be hijacked. Provided the attacker continued to send traffic, they would continue to receive traffic as well.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14099","reference_id":"","reference_type":"","scores":[{"value":"0.00368","scoring_system":"epss","scoring_elements":"0.58997","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00368","scoring_system":"epss","scoring_elements":"0.59045","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00368","scoring_system":"epss","scoring_elements":"0.5905","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00368","scoring_system":"epss","scoring_elements":"0.59041","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00368","scoring_system":"epss","scoring_elements":"0.59025","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00368","scoring_system":"epss","scoring_elements":"0.59042","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14099"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14099","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14099"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14100","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14100"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873907","reference_id":"873907","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873907"},{"reference_url":"https://security.gentoo.org/glsa/201710-29","reference_id":"GLSA-201710-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201710-29"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/271615?format=json","purl":"pkg:deb/debian/asterisk@1:11.13.1~dfsg-2%2Bdeb8u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13m8-y787-fqb7"},{"vulnerability":"VCID-18ap-sn7u-s3hd"},{"vulnerability":"VCID-1vcu-q5ry-5fac"},{"vulnerability":"VCID-1vug-1t5p-pug9"},{"vulnerability":"VCID-25c9-w334-gbdn"},{"vulnerability":"VCID-29xh-xmhv-3ffs"},{"vulnerability":"VCID-34d5-vz5m-mqc5"},{"vulnerability":"VCID-3a1q-j5qj-rbfk"},{"vulnerability":"VCID-3q36-jek6-wked"},{"vulnerability":"VCID-4ysp-qqgf-7ubg"},{"vulnerability":"VCID-551t-n4qb-p3hq"},{"vulnerability":"VCID-64mt-9155-tkbv"},{"vulnerability":"VCID-6msa-75ph-qkf1"},{"vulnerability":"VCID-7pec-5h4d-yff4"},{"vulnerability":"VCID-8gc8-cyb2-gube"},{"vulnerability":"VCID-8t63-f1tx-7bdy"},{"vulnerability":"VCID-92c9-qp87-bfc4"},{"vulnerability":"VCID-a2r2-kh13-y7cr"},{"vulnerability":"VCID-a9et-qfg6-yudx"},{"vulnerability":"VCID-avwt-12vk-8ybn"},{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-b44e-ck1f-xbbh"},{"vulnerability":"VCID-b6fe-tfcc-ekc7"},{"vulnerability":"VCID-be9t-dvvc-ubaw"},{"vulnerability":"VCID-c7cg-3ryv-x3ae"},{"vulnerability":"VCID-cdyb-1ntz-63as"},{"vulnerability":"VCID-czvg-g2nd-37da"},{"vulnerability":"VCID-d9tf-a5h1-f3ck"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-drvj-6p87-rqcn"},{"vulnerability":"VCID-ej5v-pfx7-zfdh"},{"vulnerability":"VCID-fb56-35es-v3bz"},{"vulnerability":"VCID-fvk6-m3pz-sybd"},{"vulnerability":"VCID-fzjk-q6nw-jkg9"},{"vulnerability":"VCID-g2xy-5xqx-xken"},{"vulnerability":"VCID-hg7k-rqnx-nue9"},{"vulnerability":"VCID-j37t-xmde-ybfz"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-jxc9-g6jq-ykes"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-kfga-1zjj-yyd2"},{"vulnerability":"VCID-ktdt-nt2k-ekh2"},{"vulnerability":"VCID-ky73-mqpf-97gy"},{"vulnerability":"VCID-m9ex-4zdb-z7ek"},{"vulnerability":"VCID-mmtv-ad5m-5bf1"},{"vulnerability":"VCID-mszp-vjvd-y7bm"},{"vulnerability":"VCID-mv3r-bq3z-ekby"},{"vulnerability":"VCID-n51b-qqvd-j3h8"},{"vulnerability":"VCID-nkdv-45yg-yqen"},{"vulnerability":"VCID-nq8x-bhsd-4ug6"},{"vulnerability":"VCID-nv71-45bm-4qg8"},{"vulnerability":"VCID-pdq4-837m-j3b9"},{"vulnerability":"VCID-pqe1-z1sj-xub6"},{"vulnerability":"VCID-qagm-1qhg-euga"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-qktv-zzmr-ebfx"},{"vulnerability":"VCID-qx2s-jc4s-akcy"},{"vulnerability":"VCID-rgqf-d63e-3be8"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rjjh-8qvd-mug4"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-ru68-dmrf-bfbx"},{"vulnerability":"VCID-ryqs-4pz8-3fev"},{"vulnerability":"VCID-sjyv-baqy-6kc1"},{"vulnerability":"VCID-srvv-thfv-tfhw"},{"vulnerability":"VCID-sxye-u2q3-zfa7"},{"vulnerability":"VCID-t6xj-x5br-c3cj"},{"vulnerability":"VCID-t755-8tku-2kap"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-u2e9-pq21-bkha"},{"vulnerability":"VCID-uhwr-b373-a3bz"},{"vulnerability":"VCID-un2s-uxx4-13cc"},{"vulnerability":"VCID-uxyg-qw5v-qqcx"},{"vulnerability":"VCID-v8ev-6zfb-xqfz"},{"vulnerability":"VCID-vnu7-wjv8-eyed"},{"vulnerability":"VCID-vte2-1rmy-73dz"},{"vulnerability":"VCID-vzrk-rtxu-k7fd"},{"vulnerability":"VCID-w4xt-e4ug-fkd4"},{"vulnerability":"VCID-we23-mfgn-qkg8"},{"vulnerability":"VCID-wkkh-ka74-ubh6"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xn9t-7f61-ufgz"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-xykr-v7tc-2fhx"},{"vulnerability":"VCID-xzkj-pajj-dqbj"},{"vulnerability":"VCID-ypjq-tgrg-jkff"},{"vulnerability":"VCID-z8ac-81bd-7bep"},{"vulnerability":"VCID-z9b5-rgxt-jbe3"},{"vulnerability":"VCID-zk2p-hxmz-yqhb"},{"vulnerability":"VCID-zv8y-1d3c-s3bk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:11.13.1~dfsg-2%252Bdeb8u5"},{"url":"http://public2.vulnerablecode.io/api/packages/515646?format=json","purl":"pkg:deb/debian/asterisk@1:13.14.1~dfsg-2%2Bdeb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13m8-y787-fqb7"},{"vulnerability":"VCID-18ap-sn7u-s3hd"},{"vulnerability":"VCID-1vcu-q5ry-5fac"},{"vulnerability":"VCID-29xh-xmhv-3ffs"},{"vulnerability":"VCID-34d5-vz5m-mqc5"},{"vulnerability":"VCID-3q36-jek6-wked"},{"vulnerability":"VCID-4ysp-qqgf-7ubg"},{"vulnerability":"VCID-551t-n4qb-p3hq"},{"vulnerability":"VCID-7pec-5h4d-yff4"},{"vulnerability":"VCID-8t63-f1tx-7bdy"},{"vulnerability":"VCID-92c9-qp87-bfc4"},{"vulnerability":"VCID-a2r2-kh13-y7cr"},{"vulnerability":"VCID-a9et-qfg6-yudx"},{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-b44e-ck1f-xbbh"},{"vulnerability":"VCID-b6fe-tfcc-ekc7"},{"vulnerability":"VCID-be9t-dvvc-ubaw"},{"vulnerability":"VCID-c7cg-3ryv-x3ae"},{"vulnerability":"VCID-cdyb-1ntz-63as"},{"vulnerability":"VCID-d9tf-a5h1-f3ck"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-drvj-6p87-rqcn"},{"vulnerability":"VCID-ej5v-pfx7-zfdh"},{"vulnerability":"VCID-fvk6-m3pz-sybd"},{"vulnerability":"VCID-fzjk-q6nw-jkg9"},{"vulnerability":"VCID-g2xy-5xqx-xken"},{"vulnerability":"VCID-hg7k-rqnx-nue9"},{"vulnerability":"VCID-j37t-xmde-ybfz"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-jxc9-g6jq-ykes"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-kfga-1zjj-yyd2"},{"vulnerability":"VCID-ktdt-nt2k-ekh2"},{"vulnerability":"VCID-ky73-mqpf-97gy"},{"vulnerability":"VCID-mmtv-ad5m-5bf1"},{"vulnerability":"VCID-mv3r-bq3z-ekby"},{"vulnerability":"VCID-n51b-qqvd-j3h8"},{"vulnerability":"VCID-nkdv-45yg-yqen"},{"vulnerability":"VCID-nq8x-bhsd-4ug6"},{"vulnerability":"VCID-nv71-45bm-4qg8"},{"vulnerability":"VCID-pdq4-837m-j3b9"},{"vulnerability":"VCID-qagm-1qhg-euga"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-qktv-zzmr-ebfx"},{"vulnerability":"VCID-qx2s-jc4s-akcy"},{"vulnerability":"VCID-rgqf-d63e-3be8"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rjjh-8qvd-mug4"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-ru68-dmrf-bfbx"},{"vulnerability":"VCID-sjyv-baqy-6kc1"},{"vulnerability":"VCID-srvv-thfv-tfhw"},{"vulnerability":"VCID-sxye-u2q3-zfa7"},{"vulnerability":"VCID-t6xj-x5br-c3cj"},{"vulnerability":"VCID-t755-8tku-2kap"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-u2e9-pq21-bkha"},{"vulnerability":"VCID-uhwr-b373-a3bz"},{"vulnerability":"VCID-un2s-uxx4-13cc"},{"vulnerability":"VCID-v8ev-6zfb-xqfz"},{"vulnerability":"VCID-vte2-1rmy-73dz"},{"vulnerability":"VCID-vzrk-rtxu-k7fd"},{"vulnerability":"VCID-w4xt-e4ug-fkd4"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xn9t-7f61-ufgz"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-xykr-v7tc-2fhx"},{"vulnerability":"VCID-xzkj-pajj-dqbj"},{"vulnerability":"VCID-ypjq-tgrg-jkff"},{"vulnerability":"VCID-z8ac-81bd-7bep"},{"vulnerability":"VCID-zk2p-hxmz-yqhb"},{"vulnerability":"VCID-zv8y-1d3c-s3bk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.14.1~dfsg-2%252Bdeb9u4"},{"url":"http://public2.vulnerablecode.io/api/packages/516631?format=json","purl":"pkg:deb/debian/asterisk@1:16.2.1~dfsg-1%2Bdeb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13m8-y787-fqb7"},{"vulnerability":"VCID-1vcu-q5ry-5fac"},{"vulnerability":"VCID-29xh-xmhv-3ffs"},{"vulnerability":"VCID-34d5-vz5m-mqc5"},{"vulnerability":"VCID-4ysp-qqgf-7ubg"},{"vulnerability":"VCID-551t-n4qb-p3hq"},{"vulnerability":"VCID-7pec-5h4d-yff4"},{"vulnerability":"VCID-8t63-f1tx-7bdy"},{"vulnerability":"VCID-92c9-qp87-bfc4"},{"vulnerability":"VCID-a2r2-kh13-y7cr"},{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-b44e-ck1f-xbbh"},{"vulnerability":"VCID-be9t-dvvc-ubaw"},{"vulnerability":"VCID-cdyb-1ntz-63as"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-drvj-6p87-rqcn"},{"vulnerability":"VCID-fvk6-m3pz-sybd"},{"vulnerability":"VCID-fzjk-q6nw-jkg9"},{"vulnerability":"VCID-g2xy-5xqx-xken"},{"vulnerability":"VCID-hg7k-rqnx-nue9"},{"vulnerability":"VCID-j37t-xmde-ybfz"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-jxc9-g6jq-ykes"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-kfga-1zjj-yyd2"},{"vulnerability":"VCID-ktdt-nt2k-ekh2"},{"vulnerability":"VCID-ky73-mqpf-97gy"},{"vulnerability":"VCID-mmtv-ad5m-5bf1"},{"vulnerability":"VCID-mv3r-bq3z-ekby"},{"vulnerability":"VCID-n51b-qqvd-j3h8"},{"vulnerability":"VCID-nkdv-45yg-yqen"},{"vulnerability":"VCID-nq8x-bhsd-4ug6"},{"vulnerability":"VCID-qagm-1qhg-euga"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-qktv-zzmr-ebfx"},{"vulnerability":"VCID-rgqf-d63e-3be8"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rjjh-8qvd-mug4"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-ru68-dmrf-bfbx"},{"vulnerability":"VCID-sjyv-baqy-6kc1"},{"vulnerability":"VCID-t6xj-x5br-c3cj"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-u2e9-pq21-bkha"},{"vulnerability":"VCID-uhwr-b373-a3bz"},{"vulnerability":"VCID-un2s-uxx4-13cc"},{"vulnerability":"VCID-v8ev-6zfb-xqfz"},{"vulnerability":"VCID-vzrk-rtxu-k7fd"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xn9t-7f61-ufgz"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-xykr-v7tc-2fhx"},{"vulnerability":"VCID-xzkj-pajj-dqbj"},{"vulnerability":"VCID-ypjq-tgrg-jkff"},{"vulnerability":"VCID-z8ac-81bd-7bep"},{"vulnerability":"VCID-zk2p-hxmz-yqhb"},{"vulnerability":"VCID-zv8y-1d3c-s3bk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.2.1~dfsg-1%252Bdeb10u2"}],"aliases":["CVE-2017-14099"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pdq4-837m-j3b9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59005?format=json","vulnerability_id":"VCID-qx2s-jc4s-akcy","summary":"A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the res_pjsip_pubsub module stores the accepted formats present in the Accept headers of the request. This code did not limit the number of headers it processed, despite having a fixed limit of 32. If more than 32 Accept headers were present, the code would write outside of its memory and cause a crash.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-7284","reference_id":"","reference_type":"","scores":[{"value":"0.65243","scoring_system":"epss","scoring_elements":"0.98499","published_at":"2026-06-04T12:55:00Z"},{"value":"0.65243","scoring_system":"epss","scoring_elements":"0.98502","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-7284"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12227","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12227"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17281","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17281"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7284","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7284"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7286","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7286"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891227","reference_id":"891227","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891227"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/44184.py","reference_id":"CVE-2018-7284","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/44184.py"},{"reference_url":"https://raw.githubusercontent.com/EnableSecurity/advisories/master/ES2018-01-asterisk-pjsip-subscribe-stack-corruption/README.md","reference_id":"CVE-2018-7284","reference_type":"exploit","scores":[],"url":"https://raw.githubusercontent.com/EnableSecurity/advisories/master/ES2018-01-asterisk-pjsip-subscribe-stack-corruption/README.md"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/515646?format=json","purl":"pkg:deb/debian/asterisk@1:13.14.1~dfsg-2%2Bdeb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13m8-y787-fqb7"},{"vulnerability":"VCID-18ap-sn7u-s3hd"},{"vulnerability":"VCID-1vcu-q5ry-5fac"},{"vulnerability":"VCID-29xh-xmhv-3ffs"},{"vulnerability":"VCID-34d5-vz5m-mqc5"},{"vulnerability":"VCID-3q36-jek6-wked"},{"vulnerability":"VCID-4ysp-qqgf-7ubg"},{"vulnerability":"VCID-551t-n4qb-p3hq"},{"vulnerability":"VCID-7pec-5h4d-yff4"},{"vulnerability":"VCID-8t63-f1tx-7bdy"},{"vulnerability":"VCID-92c9-qp87-bfc4"},{"vulnerability":"VCID-a2r2-kh13-y7cr"},{"vulnerability":"VCID-a9et-qfg6-yudx"},{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-b44e-ck1f-xbbh"},{"vulnerability":"VCID-b6fe-tfcc-ekc7"},{"vulnerability":"VCID-be9t-dvvc-ubaw"},{"vulnerability":"VCID-c7cg-3ryv-x3ae"},{"vulnerability":"VCID-cdyb-1ntz-63as"},{"vulnerability":"VCID-d9tf-a5h1-f3ck"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-drvj-6p87-rqcn"},{"vulnerability":"VCID-ej5v-pfx7-zfdh"},{"vulnerability":"VCID-fvk6-m3pz-sybd"},{"vulnerability":"VCID-fzjk-q6nw-jkg9"},{"vulnerability":"VCID-g2xy-5xqx-xken"},{"vulnerability":"VCID-hg7k-rqnx-nue9"},{"vulnerability":"VCID-j37t-xmde-ybfz"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-jxc9-g6jq-ykes"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-kfga-1zjj-yyd2"},{"vulnerability":"VCID-ktdt-nt2k-ekh2"},{"vulnerability":"VCID-ky73-mqpf-97gy"},{"vulnerability":"VCID-mmtv-ad5m-5bf1"},{"vulnerability":"VCID-mv3r-bq3z-ekby"},{"vulnerability":"VCID-n51b-qqvd-j3h8"},{"vulnerability":"VCID-nkdv-45yg-yqen"},{"vulnerability":"VCID-nq8x-bhsd-4ug6"},{"vulnerability":"VCID-nv71-45bm-4qg8"},{"vulnerability":"VCID-pdq4-837m-j3b9"},{"vulnerability":"VCID-qagm-1qhg-euga"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-qktv-zzmr-ebfx"},{"vulnerability":"VCID-qx2s-jc4s-akcy"},{"vulnerability":"VCID-rgqf-d63e-3be8"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rjjh-8qvd-mug4"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-ru68-dmrf-bfbx"},{"vulnerability":"VCID-sjyv-baqy-6kc1"},{"vulnerability":"VCID-srvv-thfv-tfhw"},{"vulnerability":"VCID-sxye-u2q3-zfa7"},{"vulnerability":"VCID-t6xj-x5br-c3cj"},{"vulnerability":"VCID-t755-8tku-2kap"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-u2e9-pq21-bkha"},{"vulnerability":"VCID-uhwr-b373-a3bz"},{"vulnerability":"VCID-un2s-uxx4-13cc"},{"vulnerability":"VCID-v8ev-6zfb-xqfz"},{"vulnerability":"VCID-vte2-1rmy-73dz"},{"vulnerability":"VCID-vzrk-rtxu-k7fd"},{"vulnerability":"VCID-w4xt-e4ug-fkd4"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xn9t-7f61-ufgz"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-xykr-v7tc-2fhx"},{"vulnerability":"VCID-xzkj-pajj-dqbj"},{"vulnerability":"VCID-ypjq-tgrg-jkff"},{"vulnerability":"VCID-z8ac-81bd-7bep"},{"vulnerability":"VCID-zk2p-hxmz-yqhb"},{"vulnerability":"VCID-zv8y-1d3c-s3bk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.14.1~dfsg-2%252Bdeb9u4"},{"url":"http://public2.vulnerablecode.io/api/packages/516631?format=json","purl":"pkg:deb/debian/asterisk@1:16.2.1~dfsg-1%2Bdeb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13m8-y787-fqb7"},{"vulnerability":"VCID-1vcu-q5ry-5fac"},{"vulnerability":"VCID-29xh-xmhv-3ffs"},{"vulnerability":"VCID-34d5-vz5m-mqc5"},{"vulnerability":"VCID-4ysp-qqgf-7ubg"},{"vulnerability":"VCID-551t-n4qb-p3hq"},{"vulnerability":"VCID-7pec-5h4d-yff4"},{"vulnerability":"VCID-8t63-f1tx-7bdy"},{"vulnerability":"VCID-92c9-qp87-bfc4"},{"vulnerability":"VCID-a2r2-kh13-y7cr"},{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-b44e-ck1f-xbbh"},{"vulnerability":"VCID-be9t-dvvc-ubaw"},{"vulnerability":"VCID-cdyb-1ntz-63as"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-drvj-6p87-rqcn"},{"vulnerability":"VCID-fvk6-m3pz-sybd"},{"vulnerability":"VCID-fzjk-q6nw-jkg9"},{"vulnerability":"VCID-g2xy-5xqx-xken"},{"vulnerability":"VCID-hg7k-rqnx-nue9"},{"vulnerability":"VCID-j37t-xmde-ybfz"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-jxc9-g6jq-ykes"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-kfga-1zjj-yyd2"},{"vulnerability":"VCID-ktdt-nt2k-ekh2"},{"vulnerability":"VCID-ky73-mqpf-97gy"},{"vulnerability":"VCID-mmtv-ad5m-5bf1"},{"vulnerability":"VCID-mv3r-bq3z-ekby"},{"vulnerability":"VCID-n51b-qqvd-j3h8"},{"vulnerability":"VCID-nkdv-45yg-yqen"},{"vulnerability":"VCID-nq8x-bhsd-4ug6"},{"vulnerability":"VCID-qagm-1qhg-euga"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-qktv-zzmr-ebfx"},{"vulnerability":"VCID-rgqf-d63e-3be8"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rjjh-8qvd-mug4"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-ru68-dmrf-bfbx"},{"vulnerability":"VCID-sjyv-baqy-6kc1"},{"vulnerability":"VCID-t6xj-x5br-c3cj"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-u2e9-pq21-bkha"},{"vulnerability":"VCID-uhwr-b373-a3bz"},{"vulnerability":"VCID-un2s-uxx4-13cc"},{"vulnerability":"VCID-v8ev-6zfb-xqfz"},{"vulnerability":"VCID-vzrk-rtxu-k7fd"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xn9t-7f61-ufgz"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-xykr-v7tc-2fhx"},{"vulnerability":"VCID-xzkj-pajj-dqbj"},{"vulnerability":"VCID-ypjq-tgrg-jkff"},{"vulnerability":"VCID-z8ac-81bd-7bep"},{"vulnerability":"VCID-zk2p-hxmz-yqhb"},{"vulnerability":"VCID-zv8y-1d3c-s3bk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.2.1~dfsg-1%252Bdeb10u2"}],"aliases":["CVE-2018-7284"],"risk_score":1.2,"exploitability":"2.0","weighted_severity":"0.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qx2s-jc4s-akcy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58987?format=json","vulnerability_id":"VCID-srvv-thfv-tfhw","summary":"An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and the PJSIP channel driver was used, Asterisk would crash. The severity of this vulnerability is somewhat mitigated if authentication is enabled. If authentication is enabled, a user would have to first be authorized before reaching the crash point.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-17850","reference_id":"","reference_type":"","scores":[{"value":"0.29958","scoring_system":"epss","scoring_elements":"0.96745","published_at":"2026-06-04T12:55:00Z"},{"value":"0.29958","scoring_system":"epss","scoring_elements":"0.96749","published_at":"2026-06-05T12:55:00Z"},{"value":"0.29958","scoring_system":"epss","scoring_elements":"0.96753","published_at":"2026-06-08T12:55:00Z"},{"value":"0.29958","scoring_system":"epss","scoring_elements":"0.96754","published_at":"2026-06-07T12:55:00Z"},{"value":"0.29958","scoring_system":"epss","scoring_elements":"0.96758","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-17850"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17850","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17850"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885072","reference_id":"885072","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885072"},{"reference_url":"https://security.gentoo.org/glsa/201811-11","reference_id":"GLSA-201811-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201811-11"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516631?format=json","purl":"pkg:deb/debian/asterisk@1:16.2.1~dfsg-1%2Bdeb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13m8-y787-fqb7"},{"vulnerability":"VCID-1vcu-q5ry-5fac"},{"vulnerability":"VCID-29xh-xmhv-3ffs"},{"vulnerability":"VCID-34d5-vz5m-mqc5"},{"vulnerability":"VCID-4ysp-qqgf-7ubg"},{"vulnerability":"VCID-551t-n4qb-p3hq"},{"vulnerability":"VCID-7pec-5h4d-yff4"},{"vulnerability":"VCID-8t63-f1tx-7bdy"},{"vulnerability":"VCID-92c9-qp87-bfc4"},{"vulnerability":"VCID-a2r2-kh13-y7cr"},{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-b44e-ck1f-xbbh"},{"vulnerability":"VCID-be9t-dvvc-ubaw"},{"vulnerability":"VCID-cdyb-1ntz-63as"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-drvj-6p87-rqcn"},{"vulnerability":"VCID-fvk6-m3pz-sybd"},{"vulnerability":"VCID-fzjk-q6nw-jkg9"},{"vulnerability":"VCID-g2xy-5xqx-xken"},{"vulnerability":"VCID-hg7k-rqnx-nue9"},{"vulnerability":"VCID-j37t-xmde-ybfz"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-jxc9-g6jq-ykes"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-kfga-1zjj-yyd2"},{"vulnerability":"VCID-ktdt-nt2k-ekh2"},{"vulnerability":"VCID-ky73-mqpf-97gy"},{"vulnerability":"VCID-mmtv-ad5m-5bf1"},{"vulnerability":"VCID-mv3r-bq3z-ekby"},{"vulnerability":"VCID-n51b-qqvd-j3h8"},{"vulnerability":"VCID-nkdv-45yg-yqen"},{"vulnerability":"VCID-nq8x-bhsd-4ug6"},{"vulnerability":"VCID-qagm-1qhg-euga"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-qktv-zzmr-ebfx"},{"vulnerability":"VCID-rgqf-d63e-3be8"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rjjh-8qvd-mug4"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-ru68-dmrf-bfbx"},{"vulnerability":"VCID-sjyv-baqy-6kc1"},{"vulnerability":"VCID-t6xj-x5br-c3cj"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-u2e9-pq21-bkha"},{"vulnerability":"VCID-uhwr-b373-a3bz"},{"vulnerability":"VCID-un2s-uxx4-13cc"},{"vulnerability":"VCID-v8ev-6zfb-xqfz"},{"vulnerability":"VCID-vzrk-rtxu-k7fd"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xn9t-7f61-ufgz"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-xykr-v7tc-2fhx"},{"vulnerability":"VCID-xzkj-pajj-dqbj"},{"vulnerability":"VCID-ypjq-tgrg-jkff"},{"vulnerability":"VCID-z8ac-81bd-7bep"},{"vulnerability":"VCID-zk2p-hxmz-yqhb"},{"vulnerability":"VCID-zv8y-1d3c-s3bk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.2.1~dfsg-1%252Bdeb10u2"}],"aliases":["CVE-2017-17850"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-srvv-thfv-tfhw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58967?format=json","vulnerability_id":"VCID-sxye-u2q3-zfa7","summary":"In the pjsip channel driver (res_pjsip) in Asterisk 13.x before 13.17.1 and 14.x before 14.6.1, a carefully crafted tel URI in a From, To, or Contact header could cause Asterisk to crash.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14098","reference_id":"","reference_type":"","scores":[{"value":"0.40123","scoring_system":"epss","scoring_elements":"0.97414","published_at":"2026-06-04T12:55:00Z"},{"value":"0.40123","scoring_system":"epss","scoring_elements":"0.97419","published_at":"2026-06-05T12:55:00Z"},{"value":"0.40123","scoring_system":"epss","scoring_elements":"0.97421","published_at":"2026-06-06T12:55:00Z"},{"value":"0.40123","scoring_system":"epss","scoring_elements":"0.9742","published_at":"2026-06-07T12:55:00Z"},{"value":"0.40123","scoring_system":"epss","scoring_elements":"0.97422","published_at":"2026-06-08T12:55:00Z"},{"value":"0.40123","scoring_system":"epss","scoring_elements":"0.97423","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14098"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14098","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14098"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873909","reference_id":"873909","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873909"},{"reference_url":"https://security.gentoo.org/glsa/201710-29","reference_id":"GLSA-201710-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201710-29"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516631?format=json","purl":"pkg:deb/debian/asterisk@1:16.2.1~dfsg-1%2Bdeb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13m8-y787-fqb7"},{"vulnerability":"VCID-1vcu-q5ry-5fac"},{"vulnerability":"VCID-29xh-xmhv-3ffs"},{"vulnerability":"VCID-34d5-vz5m-mqc5"},{"vulnerability":"VCID-4ysp-qqgf-7ubg"},{"vulnerability":"VCID-551t-n4qb-p3hq"},{"vulnerability":"VCID-7pec-5h4d-yff4"},{"vulnerability":"VCID-8t63-f1tx-7bdy"},{"vulnerability":"VCID-92c9-qp87-bfc4"},{"vulnerability":"VCID-a2r2-kh13-y7cr"},{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-b44e-ck1f-xbbh"},{"vulnerability":"VCID-be9t-dvvc-ubaw"},{"vulnerability":"VCID-cdyb-1ntz-63as"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-drvj-6p87-rqcn"},{"vulnerability":"VCID-fvk6-m3pz-sybd"},{"vulnerability":"VCID-fzjk-q6nw-jkg9"},{"vulnerability":"VCID-g2xy-5xqx-xken"},{"vulnerability":"VCID-hg7k-rqnx-nue9"},{"vulnerability":"VCID-j37t-xmde-ybfz"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-jxc9-g6jq-ykes"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-kfga-1zjj-yyd2"},{"vulnerability":"VCID-ktdt-nt2k-ekh2"},{"vulnerability":"VCID-ky73-mqpf-97gy"},{"vulnerability":"VCID-mmtv-ad5m-5bf1"},{"vulnerability":"VCID-mv3r-bq3z-ekby"},{"vulnerability":"VCID-n51b-qqvd-j3h8"},{"vulnerability":"VCID-nkdv-45yg-yqen"},{"vulnerability":"VCID-nq8x-bhsd-4ug6"},{"vulnerability":"VCID-qagm-1qhg-euga"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-qktv-zzmr-ebfx"},{"vulnerability":"VCID-rgqf-d63e-3be8"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rjjh-8qvd-mug4"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-ru68-dmrf-bfbx"},{"vulnerability":"VCID-sjyv-baqy-6kc1"},{"vulnerability":"VCID-t6xj-x5br-c3cj"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-u2e9-pq21-bkha"},{"vulnerability":"VCID-uhwr-b373-a3bz"},{"vulnerability":"VCID-un2s-uxx4-13cc"},{"vulnerability":"VCID-v8ev-6zfb-xqfz"},{"vulnerability":"VCID-vzrk-rtxu-k7fd"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xn9t-7f61-ufgz"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-xykr-v7tc-2fhx"},{"vulnerability":"VCID-xzkj-pajj-dqbj"},{"vulnerability":"VCID-ypjq-tgrg-jkff"},{"vulnerability":"VCID-z8ac-81bd-7bep"},{"vulnerability":"VCID-zk2p-hxmz-yqhb"},{"vulnerability":"VCID-zv8y-1d3c-s3bk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.2.1~dfsg-1%252Bdeb10u2"}],"aliases":["CVE-2017-14098"],"risk_score":0.2,"exploitability":"0.5","weighted_severity":"0.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sxye-u2q3-zfa7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59031?format=json","vulnerability_id":"VCID-t755-8tku-2kap","summary":"An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a NULL pointer dereference and crash will occur. This is different from CVE-2019-18940.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18976","reference_id":"","reference_type":"","scores":[{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37331","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37422","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37427","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37394","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37356","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37369","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-18976"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18976","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18976"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516631?format=json","purl":"pkg:deb/debian/asterisk@1:16.2.1~dfsg-1%2Bdeb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13m8-y787-fqb7"},{"vulnerability":"VCID-1vcu-q5ry-5fac"},{"vulnerability":"VCID-29xh-xmhv-3ffs"},{"vulnerability":"VCID-34d5-vz5m-mqc5"},{"vulnerability":"VCID-4ysp-qqgf-7ubg"},{"vulnerability":"VCID-551t-n4qb-p3hq"},{"vulnerability":"VCID-7pec-5h4d-yff4"},{"vulnerability":"VCID-8t63-f1tx-7bdy"},{"vulnerability":"VCID-92c9-qp87-bfc4"},{"vulnerability":"VCID-a2r2-kh13-y7cr"},{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-b44e-ck1f-xbbh"},{"vulnerability":"VCID-be9t-dvvc-ubaw"},{"vulnerability":"VCID-cdyb-1ntz-63as"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-drvj-6p87-rqcn"},{"vulnerability":"VCID-fvk6-m3pz-sybd"},{"vulnerability":"VCID-fzjk-q6nw-jkg9"},{"vulnerability":"VCID-g2xy-5xqx-xken"},{"vulnerability":"VCID-hg7k-rqnx-nue9"},{"vulnerability":"VCID-j37t-xmde-ybfz"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-jxc9-g6jq-ykes"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-kfga-1zjj-yyd2"},{"vulnerability":"VCID-ktdt-nt2k-ekh2"},{"vulnerability":"VCID-ky73-mqpf-97gy"},{"vulnerability":"VCID-mmtv-ad5m-5bf1"},{"vulnerability":"VCID-mv3r-bq3z-ekby"},{"vulnerability":"VCID-n51b-qqvd-j3h8"},{"vulnerability":"VCID-nkdv-45yg-yqen"},{"vulnerability":"VCID-nq8x-bhsd-4ug6"},{"vulnerability":"VCID-qagm-1qhg-euga"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-qktv-zzmr-ebfx"},{"vulnerability":"VCID-rgqf-d63e-3be8"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rjjh-8qvd-mug4"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-ru68-dmrf-bfbx"},{"vulnerability":"VCID-sjyv-baqy-6kc1"},{"vulnerability":"VCID-t6xj-x5br-c3cj"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-u2e9-pq21-bkha"},{"vulnerability":"VCID-uhwr-b373-a3bz"},{"vulnerability":"VCID-un2s-uxx4-13cc"},{"vulnerability":"VCID-v8ev-6zfb-xqfz"},{"vulnerability":"VCID-vzrk-rtxu-k7fd"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xn9t-7f61-ufgz"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-xykr-v7tc-2fhx"},{"vulnerability":"VCID-xzkj-pajj-dqbj"},{"vulnerability":"VCID-ypjq-tgrg-jkff"},{"vulnerability":"VCID-z8ac-81bd-7bep"},{"vulnerability":"VCID-zk2p-hxmz-yqhb"},{"vulnerability":"VCID-zv8y-1d3c-s3bk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.2.1~dfsg-1%252Bdeb10u2"}],"aliases":["CVE-2019-18976"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t755-8tku-2kap"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58974?format=json","vulnerability_id":"VCID-vte2-1rmy-73dz","summary":"In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before 14.6.2 and Certified Asterisk 11.x before 11.6-cert18 and 13.x before 13.13-cert6, insufficient RTCP packet validation could allow reading stale buffer contents and when combined with the \"nat\" and \"symmetric_rtp\" options allow redirecting where Asterisk sends the next RTCP report.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14603","reference_id":"","reference_type":"","scores":[{"value":"0.00747","scoring_system":"epss","scoring_elements":"0.73434","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00747","scoring_system":"epss","scoring_elements":"0.7347","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00747","scoring_system":"epss","scoring_elements":"0.73476","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00747","scoring_system":"epss","scoring_elements":"0.73463","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00747","scoring_system":"epss","scoring_elements":"0.7345","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00747","scoring_system":"epss","scoring_elements":"0.73474","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14603"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14603","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14603"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876328","reference_id":"876328","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876328"},{"reference_url":"https://security.gentoo.org/glsa/201710-29","reference_id":"GLSA-201710-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201710-29"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/271615?format=json","purl":"pkg:deb/debian/asterisk@1:11.13.1~dfsg-2%2Bdeb8u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13m8-y787-fqb7"},{"vulnerability":"VCID-18ap-sn7u-s3hd"},{"vulnerability":"VCID-1vcu-q5ry-5fac"},{"vulnerability":"VCID-1vug-1t5p-pug9"},{"vulnerability":"VCID-25c9-w334-gbdn"},{"vulnerability":"VCID-29xh-xmhv-3ffs"},{"vulnerability":"VCID-34d5-vz5m-mqc5"},{"vulnerability":"VCID-3a1q-j5qj-rbfk"},{"vulnerability":"VCID-3q36-jek6-wked"},{"vulnerability":"VCID-4ysp-qqgf-7ubg"},{"vulnerability":"VCID-551t-n4qb-p3hq"},{"vulnerability":"VCID-64mt-9155-tkbv"},{"vulnerability":"VCID-6msa-75ph-qkf1"},{"vulnerability":"VCID-7pec-5h4d-yff4"},{"vulnerability":"VCID-8gc8-cyb2-gube"},{"vulnerability":"VCID-8t63-f1tx-7bdy"},{"vulnerability":"VCID-92c9-qp87-bfc4"},{"vulnerability":"VCID-a2r2-kh13-y7cr"},{"vulnerability":"VCID-a9et-qfg6-yudx"},{"vulnerability":"VCID-avwt-12vk-8ybn"},{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-b44e-ck1f-xbbh"},{"vulnerability":"VCID-b6fe-tfcc-ekc7"},{"vulnerability":"VCID-be9t-dvvc-ubaw"},{"vulnerability":"VCID-c7cg-3ryv-x3ae"},{"vulnerability":"VCID-cdyb-1ntz-63as"},{"vulnerability":"VCID-czvg-g2nd-37da"},{"vulnerability":"VCID-d9tf-a5h1-f3ck"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-drvj-6p87-rqcn"},{"vulnerability":"VCID-ej5v-pfx7-zfdh"},{"vulnerability":"VCID-fb56-35es-v3bz"},{"vulnerability":"VCID-fvk6-m3pz-sybd"},{"vulnerability":"VCID-fzjk-q6nw-jkg9"},{"vulnerability":"VCID-g2xy-5xqx-xken"},{"vulnerability":"VCID-hg7k-rqnx-nue9"},{"vulnerability":"VCID-j37t-xmde-ybfz"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-jxc9-g6jq-ykes"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-kfga-1zjj-yyd2"},{"vulnerability":"VCID-ktdt-nt2k-ekh2"},{"vulnerability":"VCID-ky73-mqpf-97gy"},{"vulnerability":"VCID-m9ex-4zdb-z7ek"},{"vulnerability":"VCID-mmtv-ad5m-5bf1"},{"vulnerability":"VCID-mszp-vjvd-y7bm"},{"vulnerability":"VCID-mv3r-bq3z-ekby"},{"vulnerability":"VCID-n51b-qqvd-j3h8"},{"vulnerability":"VCID-nkdv-45yg-yqen"},{"vulnerability":"VCID-nq8x-bhsd-4ug6"},{"vulnerability":"VCID-nv71-45bm-4qg8"},{"vulnerability":"VCID-pdq4-837m-j3b9"},{"vulnerability":"VCID-pqe1-z1sj-xub6"},{"vulnerability":"VCID-qagm-1qhg-euga"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-qktv-zzmr-ebfx"},{"vulnerability":"VCID-qx2s-jc4s-akcy"},{"vulnerability":"VCID-rgqf-d63e-3be8"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rjjh-8qvd-mug4"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-ru68-dmrf-bfbx"},{"vulnerability":"VCID-ryqs-4pz8-3fev"},{"vulnerability":"VCID-sjyv-baqy-6kc1"},{"vulnerability":"VCID-srvv-thfv-tfhw"},{"vulnerability":"VCID-sxye-u2q3-zfa7"},{"vulnerability":"VCID-t6xj-x5br-c3cj"},{"vulnerability":"VCID-t755-8tku-2kap"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-u2e9-pq21-bkha"},{"vulnerability":"VCID-uhwr-b373-a3bz"},{"vulnerability":"VCID-un2s-uxx4-13cc"},{"vulnerability":"VCID-uxyg-qw5v-qqcx"},{"vulnerability":"VCID-v8ev-6zfb-xqfz"},{"vulnerability":"VCID-vnu7-wjv8-eyed"},{"vulnerability":"VCID-vte2-1rmy-73dz"},{"vulnerability":"VCID-vzrk-rtxu-k7fd"},{"vulnerability":"VCID-w4xt-e4ug-fkd4"},{"vulnerability":"VCID-we23-mfgn-qkg8"},{"vulnerability":"VCID-wkkh-ka74-ubh6"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xn9t-7f61-ufgz"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-xykr-v7tc-2fhx"},{"vulnerability":"VCID-xzkj-pajj-dqbj"},{"vulnerability":"VCID-ypjq-tgrg-jkff"},{"vulnerability":"VCID-z8ac-81bd-7bep"},{"vulnerability":"VCID-z9b5-rgxt-jbe3"},{"vulnerability":"VCID-zk2p-hxmz-yqhb"},{"vulnerability":"VCID-zv8y-1d3c-s3bk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:11.13.1~dfsg-2%252Bdeb8u5"},{"url":"http://public2.vulnerablecode.io/api/packages/515646?format=json","purl":"pkg:deb/debian/asterisk@1:13.14.1~dfsg-2%2Bdeb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13m8-y787-fqb7"},{"vulnerability":"VCID-18ap-sn7u-s3hd"},{"vulnerability":"VCID-1vcu-q5ry-5fac"},{"vulnerability":"VCID-29xh-xmhv-3ffs"},{"vulnerability":"VCID-34d5-vz5m-mqc5"},{"vulnerability":"VCID-3q36-jek6-wked"},{"vulnerability":"VCID-4ysp-qqgf-7ubg"},{"vulnerability":"VCID-551t-n4qb-p3hq"},{"vulnerability":"VCID-7pec-5h4d-yff4"},{"vulnerability":"VCID-8t63-f1tx-7bdy"},{"vulnerability":"VCID-92c9-qp87-bfc4"},{"vulnerability":"VCID-a2r2-kh13-y7cr"},{"vulnerability":"VCID-a9et-qfg6-yudx"},{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-b44e-ck1f-xbbh"},{"vulnerability":"VCID-b6fe-tfcc-ekc7"},{"vulnerability":"VCID-be9t-dvvc-ubaw"},{"vulnerability":"VCID-c7cg-3ryv-x3ae"},{"vulnerability":"VCID-cdyb-1ntz-63as"},{"vulnerability":"VCID-d9tf-a5h1-f3ck"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-drvj-6p87-rqcn"},{"vulnerability":"VCID-ej5v-pfx7-zfdh"},{"vulnerability":"VCID-fvk6-m3pz-sybd"},{"vulnerability":"VCID-fzjk-q6nw-jkg9"},{"vulnerability":"VCID-g2xy-5xqx-xken"},{"vulnerability":"VCID-hg7k-rqnx-nue9"},{"vulnerability":"VCID-j37t-xmde-ybfz"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-jxc9-g6jq-ykes"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-kfga-1zjj-yyd2"},{"vulnerability":"VCID-ktdt-nt2k-ekh2"},{"vulnerability":"VCID-ky73-mqpf-97gy"},{"vulnerability":"VCID-mmtv-ad5m-5bf1"},{"vulnerability":"VCID-mv3r-bq3z-ekby"},{"vulnerability":"VCID-n51b-qqvd-j3h8"},{"vulnerability":"VCID-nkdv-45yg-yqen"},{"vulnerability":"VCID-nq8x-bhsd-4ug6"},{"vulnerability":"VCID-nv71-45bm-4qg8"},{"vulnerability":"VCID-pdq4-837m-j3b9"},{"vulnerability":"VCID-qagm-1qhg-euga"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-qktv-zzmr-ebfx"},{"vulnerability":"VCID-qx2s-jc4s-akcy"},{"vulnerability":"VCID-rgqf-d63e-3be8"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rjjh-8qvd-mug4"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-ru68-dmrf-bfbx"},{"vulnerability":"VCID-sjyv-baqy-6kc1"},{"vulnerability":"VCID-srvv-thfv-tfhw"},{"vulnerability":"VCID-sxye-u2q3-zfa7"},{"vulnerability":"VCID-t6xj-x5br-c3cj"},{"vulnerability":"VCID-t755-8tku-2kap"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-u2e9-pq21-bkha"},{"vulnerability":"VCID-uhwr-b373-a3bz"},{"vulnerability":"VCID-un2s-uxx4-13cc"},{"vulnerability":"VCID-v8ev-6zfb-xqfz"},{"vulnerability":"VCID-vte2-1rmy-73dz"},{"vulnerability":"VCID-vzrk-rtxu-k7fd"},{"vulnerability":"VCID-w4xt-e4ug-fkd4"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xn9t-7f61-ufgz"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-xykr-v7tc-2fhx"},{"vulnerability":"VCID-xzkj-pajj-dqbj"},{"vulnerability":"VCID-ypjq-tgrg-jkff"},{"vulnerability":"VCID-z8ac-81bd-7bep"},{"vulnerability":"VCID-zk2p-hxmz-yqhb"},{"vulnerability":"VCID-zv8y-1d3c-s3bk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:13.14.1~dfsg-2%252Bdeb9u4"},{"url":"http://public2.vulnerablecode.io/api/packages/516631?format=json","purl":"pkg:deb/debian/asterisk@1:16.2.1~dfsg-1%2Bdeb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13m8-y787-fqb7"},{"vulnerability":"VCID-1vcu-q5ry-5fac"},{"vulnerability":"VCID-29xh-xmhv-3ffs"},{"vulnerability":"VCID-34d5-vz5m-mqc5"},{"vulnerability":"VCID-4ysp-qqgf-7ubg"},{"vulnerability":"VCID-551t-n4qb-p3hq"},{"vulnerability":"VCID-7pec-5h4d-yff4"},{"vulnerability":"VCID-8t63-f1tx-7bdy"},{"vulnerability":"VCID-92c9-qp87-bfc4"},{"vulnerability":"VCID-a2r2-kh13-y7cr"},{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-b44e-ck1f-xbbh"},{"vulnerability":"VCID-be9t-dvvc-ubaw"},{"vulnerability":"VCID-cdyb-1ntz-63as"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-drvj-6p87-rqcn"},{"vulnerability":"VCID-fvk6-m3pz-sybd"},{"vulnerability":"VCID-fzjk-q6nw-jkg9"},{"vulnerability":"VCID-g2xy-5xqx-xken"},{"vulnerability":"VCID-hg7k-rqnx-nue9"},{"vulnerability":"VCID-j37t-xmde-ybfz"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-jxc9-g6jq-ykes"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-kfga-1zjj-yyd2"},{"vulnerability":"VCID-ktdt-nt2k-ekh2"},{"vulnerability":"VCID-ky73-mqpf-97gy"},{"vulnerability":"VCID-mmtv-ad5m-5bf1"},{"vulnerability":"VCID-mv3r-bq3z-ekby"},{"vulnerability":"VCID-n51b-qqvd-j3h8"},{"vulnerability":"VCID-nkdv-45yg-yqen"},{"vulnerability":"VCID-nq8x-bhsd-4ug6"},{"vulnerability":"VCID-qagm-1qhg-euga"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-qktv-zzmr-ebfx"},{"vulnerability":"VCID-rgqf-d63e-3be8"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rjjh-8qvd-mug4"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-ru68-dmrf-bfbx"},{"vulnerability":"VCID-sjyv-baqy-6kc1"},{"vulnerability":"VCID-t6xj-x5br-c3cj"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-u2e9-pq21-bkha"},{"vulnerability":"VCID-uhwr-b373-a3bz"},{"vulnerability":"VCID-un2s-uxx4-13cc"},{"vulnerability":"VCID-v8ev-6zfb-xqfz"},{"vulnerability":"VCID-vzrk-rtxu-k7fd"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xn9t-7f61-ufgz"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-xykr-v7tc-2fhx"},{"vulnerability":"VCID-xzkj-pajj-dqbj"},{"vulnerability":"VCID-ypjq-tgrg-jkff"},{"vulnerability":"VCID-z8ac-81bd-7bep"},{"vulnerability":"VCID-zk2p-hxmz-yqhb"},{"vulnerability":"VCID-zv8y-1d3c-s3bk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.2.1~dfsg-1%252Bdeb10u2"}],"aliases":["CVE-2017-14603"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vte2-1rmy-73dz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58977?format=json","vulnerability_id":"VCID-w4xt-e4ug-fkd4","summary":"A Buffer Overflow issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. No size checking is done when setting the user field for Party B on a CDR. Thus, it is possible for someone to use an arbitrarily large string and write past the end of the user field storage buffer. NOTE: this is different from CVE-2017-7617, which was only about the Party A buffer.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16671","reference_id":"","reference_type":"","scores":[{"value":"0.03635","scoring_system":"epss","scoring_elements":"0.88044","published_at":"2026-06-04T12:55:00Z"},{"value":"0.03635","scoring_system":"epss","scoring_elements":"0.88064","published_at":"2026-06-05T12:55:00Z"},{"value":"0.03635","scoring_system":"epss","scoring_elements":"0.88067","published_at":"2026-06-06T12:55:00Z"},{"value":"0.03635","scoring_system":"epss","scoring_elements":"0.88066","published_at":"2026-06-07T12:55:00Z"},{"value":"0.03635","scoring_system":"epss","scoring_elements":"0.88068","published_at":"2026-06-08T12:55:00Z"},{"value":"0.03635","scoring_system":"epss","scoring_elements":"0.88083","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16671"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16671","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16671"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881257","reference_id":"881257","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881257"},{"reference_url":"https://security.gentoo.org/glsa/201811-11","reference_id":"GLSA-201811-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201811-11"},{"reference_url":"https://usn.ubuntu.com/USN-4814-1/","reference_id":"USN-USN-4814-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4814-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/516631?format=json","purl":"pkg:deb/debian/asterisk@1:16.2.1~dfsg-1%2Bdeb10u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-13m8-y787-fqb7"},{"vulnerability":"VCID-1vcu-q5ry-5fac"},{"vulnerability":"VCID-29xh-xmhv-3ffs"},{"vulnerability":"VCID-34d5-vz5m-mqc5"},{"vulnerability":"VCID-4ysp-qqgf-7ubg"},{"vulnerability":"VCID-551t-n4qb-p3hq"},{"vulnerability":"VCID-7pec-5h4d-yff4"},{"vulnerability":"VCID-8t63-f1tx-7bdy"},{"vulnerability":"VCID-92c9-qp87-bfc4"},{"vulnerability":"VCID-a2r2-kh13-y7cr"},{"vulnerability":"VCID-b3wc-8zzz-wbhq"},{"vulnerability":"VCID-b44e-ck1f-xbbh"},{"vulnerability":"VCID-be9t-dvvc-ubaw"},{"vulnerability":"VCID-cdyb-1ntz-63as"},{"vulnerability":"VCID-ddbj-f24k-ubb1"},{"vulnerability":"VCID-drvj-6p87-rqcn"},{"vulnerability":"VCID-fvk6-m3pz-sybd"},{"vulnerability":"VCID-fzjk-q6nw-jkg9"},{"vulnerability":"VCID-g2xy-5xqx-xken"},{"vulnerability":"VCID-hg7k-rqnx-nue9"},{"vulnerability":"VCID-j37t-xmde-ybfz"},{"vulnerability":"VCID-jggd-7y6n-5kh6"},{"vulnerability":"VCID-jxc9-g6jq-ykes"},{"vulnerability":"VCID-k18v-akzq-5qd4"},{"vulnerability":"VCID-kfga-1zjj-yyd2"},{"vulnerability":"VCID-ktdt-nt2k-ekh2"},{"vulnerability":"VCID-ky73-mqpf-97gy"},{"vulnerability":"VCID-mmtv-ad5m-5bf1"},{"vulnerability":"VCID-mv3r-bq3z-ekby"},{"vulnerability":"VCID-n51b-qqvd-j3h8"},{"vulnerability":"VCID-nkdv-45yg-yqen"},{"vulnerability":"VCID-nq8x-bhsd-4ug6"},{"vulnerability":"VCID-qagm-1qhg-euga"},{"vulnerability":"VCID-qfwp-7bsd-rfdy"},{"vulnerability":"VCID-qktv-zzmr-ebfx"},{"vulnerability":"VCID-rgqf-d63e-3be8"},{"vulnerability":"VCID-rhej-23wp-v7cj"},{"vulnerability":"VCID-rjjh-8qvd-mug4"},{"vulnerability":"VCID-rskg-bn1a-sud4"},{"vulnerability":"VCID-ru68-dmrf-bfbx"},{"vulnerability":"VCID-sjyv-baqy-6kc1"},{"vulnerability":"VCID-t6xj-x5br-c3cj"},{"vulnerability":"VCID-tnxu-ew29-9ybe"},{"vulnerability":"VCID-u2e9-pq21-bkha"},{"vulnerability":"VCID-uhwr-b373-a3bz"},{"vulnerability":"VCID-un2s-uxx4-13cc"},{"vulnerability":"VCID-v8ev-6zfb-xqfz"},{"vulnerability":"VCID-vzrk-rtxu-k7fd"},{"vulnerability":"VCID-xcp6-cew8-7fe1"},{"vulnerability":"VCID-xn9t-7f61-ufgz"},{"vulnerability":"VCID-xrcr-xhum-mbfq"},{"vulnerability":"VCID-xykr-v7tc-2fhx"},{"vulnerability":"VCID-xzkj-pajj-dqbj"},{"vulnerability":"VCID-ypjq-tgrg-jkff"},{"vulnerability":"VCID-z8ac-81bd-7bep"},{"vulnerability":"VCID-zk2p-hxmz-yqhb"},{"vulnerability":"VCID-zv8y-1d3c-s3bk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.2.1~dfsg-1%252Bdeb10u2"}],"aliases":["CVE-2017-16671"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w4xt-e4ug-fkd4"}],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.2.1~dfsg-1%252Bdeb10u2"}