{"url":"http://public2.vulnerablecode.io/api/packages/583278?format=json","purl":"pkg:deb/debian/asterisk@0?distro=sid","type":"deb","namespace":"debian","name":"asterisk","version":"0","qualifiers":{"distro":"sid"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"0.5.0","latest_non_vulnerable_version":"1:22.9.0+dfsg+~cs6.16.60671434-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/150632?format=json","vulnerability_id":"VCID-1bxe-fg62-qugd","summary":"The res_pjsip_pubsub module in Asterisk Open Source 12.x before 12.5.1 allows remote authenticated users to cause a denial of service (crash) via crafted headers in a SIP SUBSCRIBE request for an event package.","references":[{"reference_url":"http://downloads.asterisk.org/pub/security/AST-2014-009.html","reference_id":"","reference_type":"","scores":[],"url":"http://downloads.asterisk.org/pub/security/AST-2014-009.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-6609","reference_id":"","reference_type":"","scores":[{"value":"0.00795","scoring_system":"epss","scoring_elements":"0.73972","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00795","scoring_system":"epss","scoring_elements":"0.73921","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00795","scoring_system":"epss","scoring_elements":"0.73931","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00795","scoring_system":"epss","scoring_elements":"0.73956","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00795","scoring_system":"epss","scoring_elements":"0.73927","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00795","scoring_system":"epss","scoring_elements":"0.73961","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00795","scoring_system":"epss","scoring_elements":"0.73975","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00795","scoring_system":"epss","scoring_elements":"0.73999","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00795","scoring_system":"epss","scoring_elements":"0.73981","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-6609"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:12.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:12.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.1.0:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:12.1.0:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.1.0:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.1.0:rc2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:12.1.0:rc2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.1.0:rc2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.1.0:rc3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:12.1.0:rc3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.1.0:rc3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:12.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.2.0:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:12.2.0:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.2.0:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.2.0:rc2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:12.2.0:rc2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.2.0:rc2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.2.0:rc3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:12.2.0:rc3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.2.0:rc3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:12.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.3.0:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:12.3.0:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.3.0:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.3.0:rc2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:12.3.0:rc2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.3.0:rc2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:12.4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.4.0:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:12.4.0:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.4.0:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.5.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:12.5.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.5.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.5.0:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:12.5.0:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.5.0:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-6609","reference_id":"CVE-2014-6609","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:N/I:N/A:P"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-6609"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583278?format=json","purl":"pkg:deb/debian/asterisk@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582067?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-r54j-ydjm-4uca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582068?format=json","purl":"pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1062442?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2014-6609"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1bxe-fg62-qugd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/214753?format=json","vulnerability_id":"VCID-1t3u-22gq-qucr","summary":"Asterisk is an open source private branch exchange and telephony toolkit. After upgrade to 18.23.0, ALL unauthorized SIP requests are identified as PJSIP Endpoint of local asterisk server. This vulnerability is fixed in 18.23.1, 20.8.1, and 21.3.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-35190","reference_id":"","reference_type":"","scores":[{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.5608","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.56054","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.56074","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.56053","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.56104","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.56109","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.5612","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.56097","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-35190"},{"reference_url":"https://github.com/asterisk/asterisk/pull/600","reference_id":"600","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-17T19:33:53Z/"}],"url":"https://github.com/asterisk/asterisk/pull/600"},{"reference_url":"https://github.com/asterisk/asterisk/pull/602","reference_id":"602","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-17T19:33:53Z/"}],"url":"https://github.com/asterisk/asterisk/pull/602"},{"reference_url":"https://github.com/asterisk/asterisk/commit/85241bd22936cc15760fd1f65d16c98be7aeaf6d","reference_id":"85241bd22936cc15760fd1f65d16c98be7aeaf6d","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-17T19:33:53Z/"}],"url":"https://github.com/asterisk/asterisk/commit/85241bd22936cc15760fd1f65d16c98be7aeaf6d"},{"reference_url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-qqxj-v78h-hrf9","reference_id":"GHSA-qqxj-v78h-hrf9","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-17T19:33:53Z/"}],"url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-qqxj-v78h-hrf9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583278?format=json","purl":"pkg:deb/debian/asterisk@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582067?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-r54j-ydjm-4uca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582068?format=json","purl":"pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1062442?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2024-35190"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1t3u-22gq-qucr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/196629?format=json","vulnerability_id":"VCID-2xc3-aqh8-cubn","summary":"main/translate.c in Sangoma Asterisk 13.28.0 and 16.5.0 allows a remote attacker to send a specific RTP packet during a call and cause a crash in a specific scenario.","references":[{"reference_url":"http://downloads.asterisk.org/pub/security/AST-2019-005.html","reference_id":"","reference_type":"","scores":[],"url":"http://downloads.asterisk.org/pub/security/AST-2019-005.html"},{"reference_url":"http://packetstormsecurity.com/files/154372/Asterisk-Project-Security-Advisory-AST-2019-005.html","reference_id":"","reference_type":"","scores":[],"url":"http://packetstormsecurity.com/files/154372/Asterisk-Project-Security-Advisory-AST-2019-005.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-15639","reference_id":"","reference_type":"","scores":[{"value":"0.088","scoring_system":"epss","scoring_elements":"0.92526","published_at":"2026-04-12T12:55:00Z"},{"value":"0.088","scoring_system":"epss","scoring_elements":"0.92524","published_at":"2026-04-13T12:55:00Z"},{"value":"0.088","scoring_system":"epss","scoring_elements":"0.92484","published_at":"2026-04-01T12:55:00Z"},{"value":"0.088","scoring_system":"epss","scoring_elements":"0.9249","published_at":"2026-04-02T12:55:00Z"},{"value":"0.088","scoring_system":"epss","scoring_elements":"0.92499","published_at":"2026-04-04T12:55:00Z"},{"value":"0.088","scoring_system":"epss","scoring_elements":"0.92502","published_at":"2026-04-07T12:55:00Z"},{"value":"0.088","scoring_system":"epss","scoring_elements":"0.92513","published_at":"2026-04-08T12:55:00Z"},{"value":"0.088","scoring_system":"epss","scoring_elements":"0.92518","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-15639"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-15639","reference_id":"CVE-2019-15639","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-15639"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583278?format=json","purl":"pkg:deb/debian/asterisk@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582067?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-r54j-ydjm-4uca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582068?format=json","purl":"pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1062442?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2019-15639"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2xc3-aqh8-cubn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/88203?format=json","vulnerability_id":"VCID-3r26-8d9e-aqdm","summary":"asterisk: remote crash in SIP channel driver (AST-2009-002)","references":[{"reference_url":"http://bugs.digium.com/view.php?id=13547","reference_id":"","reference_type":"","scores":[],"url":"http://bugs.digium.com/view.php?id=13547"},{"reference_url":"http://bugs.digium.com/view.php?id=14417","reference_id":"","reference_type":"","scores":[],"url":"http://bugs.digium.com/view.php?id=14417"},{"reference_url":"http://downloads.digium.com/pub/security/AST-2009-002.html","reference_id":"","reference_type":"","scores":[],"url":"http://downloads.digium.com/pub/security/AST-2009-002.html"},{"reference_url":"http://osvdb.org/52568","reference_id":"","reference_type":"","scores":[],"url":"http://osvdb.org/52568"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0871.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0871.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0871","reference_id":"","reference_type":"","scores":[{"value":"0.02947","scoring_system":"epss","scoring_elements":"0.86448","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02947","scoring_system":"epss","scoring_elements":"0.86382","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02947","scoring_system":"epss","scoring_elements":"0.86393","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02947","scoring_system":"epss","scoring_elements":"0.8641","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02947","scoring_system":"epss","scoring_elements":"0.86412","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02947","scoring_system":"epss","scoring_elements":"0.8643","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02947","scoring_system":"epss","scoring_elements":"0.8644","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02947","scoring_system":"epss","scoring_elements":"0.86454","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02947","scoring_system":"epss","scoring_elements":"0.86453","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0871"},{"reference_url":"http://secunia.com/advisories/34229","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/34229"},{"reference_url":"http://www.securityfocus.com/archive/1/501656/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/501656/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/bid/34070","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/34070"},{"reference_url":"http://www.securitytracker.com/id?1021834","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id?1021834"},{"reference_url":"http://www.vupen.com/english/advisories/2009/0667","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2009/0667"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=489725","reference_id":"489725","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=489725"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.4.22:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:1.4.22:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.4.22:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.4.23:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:1.4.23:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.4.23:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.4.23.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:1.4.23.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.4.23.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:1.6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:1.6.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:1.6.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:1.6.0.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0.3:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:1.6.0.3:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0.3:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0.4:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:1.6.0.4:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0.4:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:1.6.0.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0:beta1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:1.6.0:beta1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0:beta1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0:beta2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:1.6.0:beta2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0:beta2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0:beta3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:1.6.0:beta3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0:beta3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0:beta4:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:1.6.0:beta4:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0:beta4:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0:beta5:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:1.6.0:beta5:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0:beta5:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0:beta6:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:1.6.0:beta6:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0:beta6:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0:beta7:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:1.6.0:beta7:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0:beta7:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0:beta7.1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:1.6.0:beta7.1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0:beta7.1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0:beta8:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:1.6.0:beta8:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0:beta8:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0:beta9:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:1.6.0:beta9:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0:beta9:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0:rc4:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:1.6.0:rc4:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0:rc4:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0:rc5:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:1.6.0:rc5:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0:rc5:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0:rc6:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:1.6.0:rc6:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.0:rc6:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:1.6.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.1:beta1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:1.6.1:beta1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.1:beta1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.1:beta2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:1.6.1:beta2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.1:beta2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.1:beta3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:1.6.1:beta3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.1:beta3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.1:beta4:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:1.6.1:beta4:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.1:beta4:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.1:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:1.6.1:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:1.6.1:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:c.2.3:-:business:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:c.2.3:-:business:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:c.2.3:-:business:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2009-0871","reference_id":"CVE-2009-0871","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:N/I:N/A:P"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2009-0871"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583278?format=json","purl":"pkg:deb/debian/asterisk@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582067?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-r54j-ydjm-4uca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582068?format=json","purl":"pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1062442?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2009-0871"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3r26-8d9e-aqdm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/148795?format=json","vulnerability_id":"VCID-4658-u85z-zqhh","summary":"The Publish/Subscribe Framework in the PJSIP channel driver in Asterisk Open Source 12.x before 12.3.1, when sub_min_expiry is set to zero, allows remote attackers to cause a denial of service (assertion failure and crash) via an unsubscribe request when not subscribed to the device.","references":[{"reference_url":"http://downloads.asterisk.org/pub/security/AST-2014-005.html","reference_id":"","reference_type":"","scores":[],"url":"http://downloads.asterisk.org/pub/security/AST-2014-005.html"},{"reference_url":"http://packetstormsecurity.com/files/127087/Asterisk-Project-Security-Advisory-AST-2014-005.html","reference_id":"","reference_type":"","scores":[],"url":"http://packetstormsecurity.com/files/127087/Asterisk-Project-Security-Advisory-AST-2014-005.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-4045","reference_id":"","reference_type":"","scores":[{"value":"0.01754","scoring_system":"epss","scoring_elements":"0.82573","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01754","scoring_system":"epss","scoring_elements":"0.82507","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01754","scoring_system":"epss","scoring_elements":"0.82522","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01754","scoring_system":"epss","scoring_elements":"0.82537","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01754","scoring_system":"epss","scoring_elements":"0.82533","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01754","scoring_system":"epss","scoring_elements":"0.82559","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01754","scoring_system":"epss","scoring_elements":"0.82567","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01754","scoring_system":"epss","scoring_elements":"0.82586","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01754","scoring_system":"epss","scoring_elements":"0.82579","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-4045"},{"reference_url":"http://www.securityfocus.com/archive/1/532414/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/532414/100/0/threaded"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:12.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.1.0:-:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:12.1.0:-:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.1.0:-:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.1.0:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:12.1.0:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.1.0:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.1.0:rc2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:12.1.0:rc2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.1.0:rc2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.1.0:rc3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:12.1.0:rc3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.1.0:rc3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:12.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:12.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.2.0:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:12.2.0:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.2.0:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.2.0:rc2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:12.2.0:rc2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.2.0:rc2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.2.0:rc3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:12.2.0:rc3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.2.0:rc3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:12.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.3.0:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:12.3.0:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.3.0:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.3.0:rc2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:12.3.0:rc2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.3.0:rc2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-4045","reference_id":"CVE-2014-4045","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-4045"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583278?format=json","purl":"pkg:deb/debian/asterisk@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582067?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-r54j-ydjm-4uca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582068?format=json","purl":"pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1062442?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2014-4045"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4658-u85z-zqhh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/140927?format=json","vulnerability_id":"VCID-81tr-5yzn-m7ap","summary":"chan_skinny.c in the Skinny (aka SCCP) channel driver in Asterisk Open Source 10.x before 10.5.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by sending a Station Key Pad Button message and closing a connection in off-hook mode, a related issue to CVE-2012-2948.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3553","reference_id":"","reference_type":"","scores":[{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21098","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.2125","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21303","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21056","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21136","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21197","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21208","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21165","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21114","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3553"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583278?format=json","purl":"pkg:deb/debian/asterisk@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582067?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-r54j-ydjm-4uca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582068?format=json","purl":"pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1062442?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2012-3553"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-81tr-5yzn-m7ap"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/148796?format=json","vulnerability_id":"VCID-a4na-u27r-sfc5","summary":"The PJSIP Channel Driver in Asterisk Open Source before 12.3.1 allows remote attackers to cause a denial of service (deadlock) by terminating a subscription request before it is complete, which triggers a SIP transaction timeout.","references":[{"reference_url":"http://downloads.asterisk.org/pub/security/AST-2014-008.html","reference_id":"","reference_type":"","scores":[],"url":"http://downloads.asterisk.org/pub/security/AST-2014-008.html"},{"reference_url":"http://packetstormsecurity.com/files/127090/Asterisk-Project-Security-Advisory-AST-2014-008.html","reference_id":"","reference_type":"","scores":[],"url":"http://packetstormsecurity.com/files/127090/Asterisk-Project-Security-Advisory-AST-2014-008.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-4048","reference_id":"","reference_type":"","scores":[{"value":"0.01637","scoring_system":"epss","scoring_elements":"0.81926","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01637","scoring_system":"epss","scoring_elements":"0.8186","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01637","scoring_system":"epss","scoring_elements":"0.81871","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01637","scoring_system":"epss","scoring_elements":"0.81894","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01637","scoring_system":"epss","scoring_elements":"0.8189","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01637","scoring_system":"epss","scoring_elements":"0.81917","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01637","scoring_system":"epss","scoring_elements":"0.81923","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01637","scoring_system":"epss","scoring_elements":"0.81943","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01637","scoring_system":"epss","scoring_elements":"0.81931","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-4048"},{"reference_url":"http://www.securityfocus.com/archive/1/532416/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/532416/100/0/threaded"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:12.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.1.0:-:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:12.1.0:-:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.1.0:-:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.1.0:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:12.1.0:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.1.0:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.1.0:rc2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:12.1.0:rc2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.1.0:rc2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.1.0:rc3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:12.1.0:rc3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.1.0:rc3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:12.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:12.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.2.0:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:12.2.0:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.2.0:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.2.0:rc2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:12.2.0:rc2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.2.0:rc2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.2.0:rc3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:12.2.0:rc3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.2.0:rc3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.3.0:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:12.3.0:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.3.0:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.3.0:rc2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:digium:asterisk:12.3.0:rc2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:asterisk:12.3.0:rc2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-4048","reference_id":"CVE-2014-4048","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-4048"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583278?format=json","purl":"pkg:deb/debian/asterisk@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582067?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-r54j-ydjm-4uca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582068?format=json","purl":"pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1062442?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2014-4048"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a4na-u27r-sfc5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59570?format=json","vulnerability_id":"VCID-agez-w3xn-63bt","summary":"Multiple buffer overflows in Asterisk might allow remote attackers\n    to cause a Denial of Service condition.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2288","reference_id":"","reference_type":"","scores":[{"value":"0.07478","scoring_system":"epss","scoring_elements":"0.91742","published_at":"2026-04-01T12:55:00Z"},{"value":"0.07478","scoring_system":"epss","scoring_elements":"0.9175","published_at":"2026-04-02T12:55:00Z"},{"value":"0.07478","scoring_system":"epss","scoring_elements":"0.91756","published_at":"2026-04-04T12:55:00Z"},{"value":"0.07478","scoring_system":"epss","scoring_elements":"0.91764","published_at":"2026-04-07T12:55:00Z"},{"value":"0.07478","scoring_system":"epss","scoring_elements":"0.91776","published_at":"2026-04-08T12:55:00Z"},{"value":"0.07478","scoring_system":"epss","scoring_elements":"0.91783","published_at":"2026-04-09T12:55:00Z"},{"value":"0.07478","scoring_system":"epss","scoring_elements":"0.91786","published_at":"2026-04-11T12:55:00Z"},{"value":"0.07478","scoring_system":"epss","scoring_elements":"0.91788","published_at":"2026-04-12T12:55:00Z"},{"value":"0.07478","scoring_system":"epss","scoring_elements":"0.91784","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2288"},{"reference_url":"https://security.gentoo.org/glsa/201405-05","reference_id":"GLSA-201405-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201405-05"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583278?format=json","purl":"pkg:deb/debian/asterisk@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582067?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-r54j-ydjm-4uca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582068?format=json","purl":"pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1062442?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2014-2288"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-agez-w3xn-63bt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49296?format=json","vulnerability_id":"VCID-an47-cxfn-77e8","summary":"Multiple vulnerabilities have been found in Asterisk, the worst of\n    which may allow execution of arbitrary code.","references":[{"reference_url":"http://downloads.asterisk.org/pub/security/AST-2013-001.html","reference_id":"","reference_type":"","scores":[],"url":"http://downloads.asterisk.org/pub/security/AST-2013-001.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2685","reference_id":"","reference_type":"","scores":[{"value":"0.08932","scoring_system":"epss","scoring_elements":"0.92587","published_at":"2026-04-13T12:55:00Z"},{"value":"0.08932","scoring_system":"epss","scoring_elements":"0.92551","published_at":"2026-04-01T12:55:00Z"},{"value":"0.08932","scoring_system":"epss","scoring_elements":"0.92557","published_at":"2026-04-02T12:55:00Z"},{"value":"0.08932","scoring_system":"epss","scoring_elements":"0.92564","published_at":"2026-04-04T12:55:00Z"},{"value":"0.08932","scoring_system":"epss","scoring_elements":"0.92566","published_at":"2026-04-07T12:55:00Z"},{"value":"0.08932","scoring_system":"epss","scoring_elements":"0.92577","published_at":"2026-04-08T12:55:00Z"},{"value":"0.08932","scoring_system":"epss","scoring_elements":"0.92582","published_at":"2026-04-09T12:55:00Z"},{"value":"0.08932","scoring_system":"epss","scoring_elements":"0.92588","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2685"},{"reference_url":"https://issues.asterisk.org/jira/browse/ASTERISK-20901","reference_id":"","reference_type":"","scores":[],"url":"https://issues.asterisk.org/jira/browse/ASTERISK-20901"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:open_source:11.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:asterisk:open_source:11.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:open_source:11.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:open_source:11.0.0:beta1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:asterisk:open_source:11.0.0:beta1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:open_source:11.0.0:beta1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:open_source:11.0.0:beta2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:asterisk:open_source:11.0.0:beta2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:open_source:11.0.0:beta2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:open_source:11.0.0:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:asterisk:open_source:11.0.0:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:open_source:11.0.0:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:open_source:11.0.0:rc2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:asterisk:open_source:11.0.0:rc2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:open_source:11.0.0:rc2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:open_source:11.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:asterisk:open_source:11.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:open_source:11.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:open_source:11.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:asterisk:open_source:11.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:open_source:11.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:open_source:11.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:asterisk:open_source:11.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:open_source:11.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:open_source:11.1.0:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:asterisk:open_source:11.1.0:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:open_source:11.1.0:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:open_source:11.1.0:rc3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:asterisk:open_source:11.1.0:rc3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:open_source:11.1.0:rc3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:open_source:11.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:asterisk:open_source:11.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:open_source:11.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:open_source:11.1.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:asterisk:open_source:11.1.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:open_source:11.1.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:open_source:11.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:asterisk:open_source:11.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:open_source:11.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:open_source:11.2.0:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:asterisk:open_source:11.2.0:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:open_source:11.2.0:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:open_source:11.2.0:rc2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:asterisk:open_source:11.2.0:rc2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:open_source:11.2.0:rc2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:open_source:11.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:asterisk:open_source:11.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:open_source:11.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2685","reference_id":"CVE-2013-2685","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2685"},{"reference_url":"https://security.gentoo.org/glsa/201401-15","reference_id":"GLSA-201401-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201401-15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583278?format=json","purl":"pkg:deb/debian/asterisk@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582067?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-r54j-ydjm-4uca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582068?format=json","purl":"pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1062442?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2013-2685"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-an47-cxfn-77e8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42483?format=json","vulnerability_id":"VCID-ge7t-fqyp-vyhz","summary":"Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-26713","reference_id":"","reference_type":"","scores":[{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43675","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43731","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43756","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43689","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.4374","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43743","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43763","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.4373","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43714","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-26713"},{"reference_url":"https://security.gentoo.org/glsa/202412-03","reference_id":"GLSA-202412-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583278?format=json","purl":"pkg:deb/debian/asterisk@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582067?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-r54j-ydjm-4uca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582068?format=json","purl":"pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1062442?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2021-26713"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ge7t-fqyp-vyhz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/164219?format=json","vulnerability_id":"VCID-jez3-sw2r-r3d6","summary":"An issue was discovered in Asterisk Open Source 13.12.x and 13.13.x before 13.13.1 and 14.x before 14.2.1. If an SDP offer or answer is received with the Opus codec and with the format parameters separated using a space the code responsible for parsing will recursively call itself until it crashes. This occurs as the code does not properly handle spaces separating the parameters. This does NOT require the endpoint to have Opus configured in Asterisk. This also does not require the endpoint to be authenticated. If guest is enabled for chan_sip or anonymous in chan_pjsip an SDP offer or answer is still processed and the crash occurs.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9937","reference_id":"","reference_type":"","scores":[{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56846","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56941","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56963","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56939","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.5699","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56993","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.57","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.5698","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.56956","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9937"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583278?format=json","purl":"pkg:deb/debian/asterisk@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582067?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-r54j-ydjm-4uca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582068?format=json","purl":"pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1062442?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2016-9937"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jez3-sw2r-r3d6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/176824?format=json","vulnerability_id":"VCID-mmng-tcuj-wkhu","summary":"An issue was discovered in Asterisk Open Source 15.x before 15.4.1. When connected to Asterisk via TCP/TLS, if the client abruptly disconnects, or sends a specially crafted message, then Asterisk gets caught in an infinite loop while trying to read the data stream. This renders the system unusable.","references":[{"reference_url":"http://downloads.asterisk.org/pub/security/AST-2018-007.html","reference_id":"","reference_type":"","scores":[],"url":"http://downloads.asterisk.org/pub/security/AST-2018-007.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12228","reference_id":"","reference_type":"","scores":[{"value":"0.00422","scoring_system":"epss","scoring_elements":"0.62085","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00422","scoring_system":"epss","scoring_elements":"0.62106","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00422","scoring_system":"epss","scoring_elements":"0.61958","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00422","scoring_system":"epss","scoring_elements":"0.62029","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00422","scoring_system":"epss","scoring_elements":"0.6206","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00422","scoring_system":"epss","scoring_elements":"0.6203","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00422","scoring_system":"epss","scoring_elements":"0.6208","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00422","scoring_system":"epss","scoring_elements":"0.62097","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00422","scoring_system":"epss","scoring_elements":"0.62117","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12228"},{"reference_url":"https://issues.asterisk.org/jira/browse/ASTERISK-27807","reference_id":"","reference_type":"","scores":[],"url":"https://issues.asterisk.org/jira/browse/ASTERISK-27807"},{"reference_url":"http://www.securityfocus.com/bid/104457","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/104457"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-12228","reference_id":"CVE-2018-12228","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:N/I:N/A:C"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-12228"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583278?format=json","purl":"pkg:deb/debian/asterisk@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582067?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-r54j-ydjm-4uca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582068?format=json","purl":"pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1062442?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2018-12228"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mmng-tcuj-wkhu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/120836?format=json","vulnerability_id":"VCID-pjwr-x9hp-g7dk","summary":"Asterisk Open Source 1.4.5 through 1.4.11, when configured to use an IMAP voicemail storage backend, allows remote attackers to cause a denial of service via an e-mail with an \"invalid/corrupted\" MIME body, which triggers a crash when the recipient listens to voicemail.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-4521","reference_id":"","reference_type":"","scores":[{"value":"0.02417","scoring_system":"epss","scoring_elements":"0.85042","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02417","scoring_system":"epss","scoring_elements":"0.85055","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02417","scoring_system":"epss","scoring_elements":"0.85072","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02417","scoring_system":"epss","scoring_elements":"0.85076","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02417","scoring_system":"epss","scoring_elements":"0.85098","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02417","scoring_system":"epss","scoring_elements":"0.85105","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02417","scoring_system":"epss","scoring_elements":"0.8512","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02417","scoring_system":"epss","scoring_elements":"0.85118","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02417","scoring_system":"epss","scoring_elements":"0.85115","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-4521"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583278?format=json","purl":"pkg:deb/debian/asterisk@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582067?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-r54j-ydjm-4uca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582068?format=json","purl":"pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1062442?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2007-4521"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pjwr-x9hp-g7dk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56275?format=json","vulnerability_id":"VCID-q3py-mykt-4kax","summary":"Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to arbitrary code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49832","reference_id":"","reference_type":"","scores":[{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39269","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39245","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00194","scoring_system":"epss","scoring_elements":"0.41348","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00194","scoring_system":"epss","scoring_elements":"0.41394","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00194","scoring_system":"epss","scoring_elements":"0.41362","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00194","scoring_system":"epss","scoring_elements":"0.41315","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00194","scoring_system":"epss","scoring_elements":"0.41366","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00194","scoring_system":"epss","scoring_elements":"0.41373","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49832"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110317","reference_id":"1110317","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110317"},{"reference_url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-mrq5-74j5-f5cr","reference_id":"GHSA-mrq5-74j5-f5cr","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-01T18:28:56Z/"}],"url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-mrq5-74j5-f5cr"},{"reference_url":"https://security.gentoo.org/glsa/202601-04","reference_id":"GLSA-202601-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202601-04"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583278?format=json","purl":"pkg:deb/debian/asterisk@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582067?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-r54j-ydjm-4uca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/583856?format=json","purl":"pkg:deb/debian/asterisk@1:22.5.1~dfsg%2B~cs6.15.60671435-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.5.1~dfsg%252B~cs6.15.60671435-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582068?format=json","purl":"pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1062442?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2025-49832"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q3py-mykt-4kax"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56276?format=json","vulnerability_id":"VCID-tmja-qaa1-8kex","summary":"Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to arbitrary code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-57767","reference_id":"","reference_type":"","scores":[{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26876","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.2707","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26861","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26929","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26976","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26979","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26934","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28205","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-57767"},{"reference_url":"https://github.com/asterisk/asterisk/commit/02993717b08f899d4aca9888062f35dfb198584f","reference_id":"02993717b08f899d4aca9888062f35dfb198584f","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-28T17:12:27Z/"}],"url":"https://github.com/asterisk/asterisk/commit/02993717b08f899d4aca9888062f35dfb198584f"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112470","reference_id":"1112470","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112470"},{"reference_url":"https://github.com/asterisk/asterisk/pull/1407","reference_id":"1407","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-28T17:12:27Z/"}],"url":"https://github.com/asterisk/asterisk/pull/1407"},{"reference_url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-64qc-9x89-rx5j","reference_id":"GHSA-64qc-9x89-rx5j","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-28T17:12:27Z/"}],"url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-64qc-9x89-rx5j"},{"reference_url":"https://security.gentoo.org/glsa/202601-04","reference_id":"GLSA-202601-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202601-04"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583278?format=json","purl":"pkg:deb/debian/asterisk@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582067?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-r54j-ydjm-4uca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/585478?format=json","purl":"pkg:deb/debian/asterisk@1:22.5.2~dfsg%2B~cs6.15.60671435-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.5.2~dfsg%252B~cs6.15.60671435-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582068?format=json","purl":"pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1062442?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2025-57767"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tmja-qaa1-8kex"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/188212?format=json","vulnerability_id":"VCID-ttmk-fs9h-hufh","summary":"An issue was discovered in res_http_websocket.c in Asterisk 15.x through 15.2.1. If the HTTP server is enabled (default is disabled), WebSocket payloads of size 0 are mishandled (with a busy loop).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-7287","reference_id":"","reference_type":"","scores":[{"value":"0.33107","scoring_system":"epss","scoring_elements":"0.96867","published_at":"2026-04-01T12:55:00Z"},{"value":"0.33107","scoring_system":"epss","scoring_elements":"0.96874","published_at":"2026-04-02T12:55:00Z"},{"value":"0.33107","scoring_system":"epss","scoring_elements":"0.96879","published_at":"2026-04-04T12:55:00Z"},{"value":"0.33107","scoring_system":"epss","scoring_elements":"0.96884","published_at":"2026-04-07T12:55:00Z"},{"value":"0.33107","scoring_system":"epss","scoring_elements":"0.96892","published_at":"2026-04-08T12:55:00Z"},{"value":"0.33107","scoring_system":"epss","scoring_elements":"0.96893","published_at":"2026-04-09T12:55:00Z"},{"value":"0.33107","scoring_system":"epss","scoring_elements":"0.96896","published_at":"2026-04-11T12:55:00Z"},{"value":"0.33107","scoring_system":"epss","scoring_elements":"0.96898","published_at":"2026-04-12T12:55:00Z"},{"value":"0.33107","scoring_system":"epss","scoring_elements":"0.96899","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-7287"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583278?format=json","purl":"pkg:deb/debian/asterisk@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582067?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-r54j-ydjm-4uca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582068?format=json","purl":"pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1062442?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2018-7287"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ttmk-fs9h-hufh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31366?format=json","vulnerability_id":"VCID-tw8d-u845-r3dq","summary":"Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24754","reference_id":"","reference_type":"","scores":[{"value":"0.00466","scoring_system":"epss","scoring_elements":"0.64356","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00466","scoring_system":"epss","scoring_elements":"0.64385","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00466","scoring_system":"epss","scoring_elements":"0.64344","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00466","scoring_system":"epss","scoring_elements":"0.64393","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00466","scoring_system":"epss","scoring_elements":"0.64408","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00466","scoring_system":"epss","scoring_elements":"0.6442","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00466","scoring_system":"epss","scoring_elements":"0.64379","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24754"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24754","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24754"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998","reference_id":"1014998","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014998"},{"reference_url":"https://github.com/pjsip/pjproject/commit/d27f79da11df7bc8bb56c2f291d71e54df8d2c47","reference_id":"d27f79da11df7bc8bb56c2f291d71e54df8d2c47","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:12Z/"}],"url":"https://github.com/pjsip/pjproject/commit/d27f79da11df7bc8bb56c2f291d71e54df8d2c47"},{"reference_url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-73f7-48m9-w662","reference_id":"GHSA-73f7-48m9-w662","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:12Z/"}],"url":"https://github.com/pjsip/pjproject/security/advisories/GHSA-73f7-48m9-w662"},{"reference_url":"https://security.gentoo.org/glsa/202210-37","reference_id":"GLSA-202210-37","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:12Z/"}],"url":"https://security.gentoo.org/glsa/202210-37"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html","reference_id":"msg00035.html","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:12Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html","reference_id":"msg00038.html","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:12Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html"},{"reference_url":"https://usn.ubuntu.com/6422-1/","reference_id":"USN-6422-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6422-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583278?format=json","purl":"pkg:deb/debian/asterisk@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582067?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-r54j-ydjm-4uca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582068?format=json","purl":"pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1062442?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2022-24754"],"risk_score":3.9,"exploitability":"0.5","weighted_severity":"7.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tw8d-u845-r3dq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59571?format=json","vulnerability_id":"VCID-wbrs-de57-1bd9","summary":"Multiple buffer overflows in Asterisk might allow remote attackers\n    to cause a Denial of Service condition.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2289","reference_id":"","reference_type":"","scores":[{"value":"0.03701","scoring_system":"epss","scoring_elements":"0.87898","published_at":"2026-04-01T12:55:00Z"},{"value":"0.03701","scoring_system":"epss","scoring_elements":"0.87908","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03701","scoring_system":"epss","scoring_elements":"0.87922","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03701","scoring_system":"epss","scoring_elements":"0.87925","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03701","scoring_system":"epss","scoring_elements":"0.87946","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03701","scoring_system":"epss","scoring_elements":"0.87952","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03701","scoring_system":"epss","scoring_elements":"0.87963","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03701","scoring_system":"epss","scoring_elements":"0.87955","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2289"},{"reference_url":"https://security.gentoo.org/glsa/201405-05","reference_id":"GLSA-201405-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201405-05"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583278?format=json","purl":"pkg:deb/debian/asterisk@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582067?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-r54j-ydjm-4uca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582068?format=json","purl":"pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1062442?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2014-2289"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wbrs-de57-1bd9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/180615?format=json","vulnerability_id":"VCID-xcpx-unz5-gqbp","summary":"Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x before 15.6.2 and 16.x before 16.0.1 allows remote attackers to crash Asterisk via a specially crafted DNS SRV or NAPTR response, because a buffer size is supposed to match an expanded length but actually matches a compressed length.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19278","reference_id":"","reference_type":"","scores":[{"value":"0.03349","scoring_system":"epss","scoring_elements":"0.87266","published_at":"2026-04-01T12:55:00Z"},{"value":"0.03349","scoring_system":"epss","scoring_elements":"0.87276","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03349","scoring_system":"epss","scoring_elements":"0.87292","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03349","scoring_system":"epss","scoring_elements":"0.8729","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03349","scoring_system":"epss","scoring_elements":"0.87309","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03349","scoring_system":"epss","scoring_elements":"0.87317","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03349","scoring_system":"epss","scoring_elements":"0.87329","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03349","scoring_system":"epss","scoring_elements":"0.87323","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03349","scoring_system":"epss","scoring_elements":"0.87319","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19278"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583278?format=json","purl":"pkg:deb/debian/asterisk@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582067?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-r54j-ydjm-4uca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582068?format=json","purl":"pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1062442?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2018-19278"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xcpx-unz5-gqbp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42482?format=json","vulnerability_id":"VCID-xr4a-tmxe-8fcd","summary":"Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-26712","reference_id":"","reference_type":"","scores":[{"value":"0.0327","scoring_system":"epss","scoring_elements":"0.87107","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0327","scoring_system":"epss","scoring_elements":"0.87117","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0327","scoring_system":"epss","scoring_elements":"0.87134","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0327","scoring_system":"epss","scoring_elements":"0.87127","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0327","scoring_system":"epss","scoring_elements":"0.87147","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0327","scoring_system":"epss","scoring_elements":"0.87155","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0327","scoring_system":"epss","scoring_elements":"0.87168","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0327","scoring_system":"epss","scoring_elements":"0.87163","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0327","scoring_system":"epss","scoring_elements":"0.87158","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-26712"},{"reference_url":"https://security.gentoo.org/glsa/202412-03","reference_id":"GLSA-202412-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583278?format=json","purl":"pkg:deb/debian/asterisk@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582067?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-r54j-ydjm-4uca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582068?format=json","purl":"pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1062442?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2021-26712"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xr4a-tmxe-8fcd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/188210?format=json","vulnerability_id":"VCID-yyjj-7dwq-nueq","summary":"A NULL pointer access issue was discovered in Asterisk 15.x through 15.2.1. The RTP support in Asterisk maintains its own registry of dynamic codecs and desired payload numbers. While an SDP negotiation may result in a codec using a different payload number, these desired ones are still stored internally. When an RTP packet was received, this registry would be consulted if the payload number was not found in the negotiated SDP. This registry was incorrectly consulted for all packets, even those which are dynamic. If the payload number resulted in a codec of a different type than the RTP stream (for example, the payload number resulted in a video codec but the stream carried audio), a crash could occur if no stream of that type had been negotiated. This was due to the code incorrectly assuming that a stream of that type would always exist.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-7285","reference_id":"","reference_type":"","scores":[{"value":"0.00536","scoring_system":"epss","scoring_elements":"0.67391","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00536","scoring_system":"epss","scoring_elements":"0.67427","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00536","scoring_system":"epss","scoring_elements":"0.67448","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00536","scoring_system":"epss","scoring_elements":"0.67479","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00536","scoring_system":"epss","scoring_elements":"0.67493","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00536","scoring_system":"epss","scoring_elements":"0.67516","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00536","scoring_system":"epss","scoring_elements":"0.67503","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00536","scoring_system":"epss","scoring_elements":"0.67469","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-7285"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583278?format=json","purl":"pkg:deb/debian/asterisk@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582067?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-r54j-ydjm-4uca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582068?format=json","purl":"pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1062442?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2018-7285"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yyjj-7dwq-nueq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42487?format=json","vulnerability_id":"VCID-zv1p-p8tb-dqhm","summary":"Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-31878","reference_id":"","reference_type":"","scores":[{"value":"0.0019","scoring_system":"epss","scoring_elements":"0.40815","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0019","scoring_system":"epss","scoring_elements":"0.40898","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0019","scoring_system":"epss","scoring_elements":"0.40926","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0019","scoring_system":"epss","scoring_elements":"0.40854","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0019","scoring_system":"epss","scoring_elements":"0.40904","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0019","scoring_system":"epss","scoring_elements":"0.4091","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0019","scoring_system":"epss","scoring_elements":"0.40927","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0019","scoring_system":"epss","scoring_elements":"0.40892","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0019","scoring_system":"epss","scoring_elements":"0.40873","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-31878"},{"reference_url":"https://security.gentoo.org/glsa/202412-03","reference_id":"GLSA-202412-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583278?format=json","purl":"pkg:deb/debian/asterisk@0?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582067?format=json","purl":"pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-r54j-ydjm-4uca"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/582068?format=json","purl":"pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1062442?format=json","purl":"pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid"}],"aliases":["CVE-2021-31878"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zv1p-p8tb-dqhm"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@0%3Fdistro=sid"}