Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/asterisk@1:1.6.2.6-1?distro=sid

Type deb

Namespace debian

Name asterisk

Version 1:1.6.2.6-1

Qualifiers

distro	sid

Subpath

Is_vulnerable false

Next_non_vulnerable_version 1:1.6.2.9-2+squeeze1

Latest_non_vulnerable_version 1:22.9.0+dfsg+~cs6.16.60671434-1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-4r9d-zq25-qkhv

vulnerability_id VCID-4r9d-zq25-qkhv

summary main/acl.c in Asterisk Open Source 1.6.0.x before 1.6.0.25, 1.6.1.x before 1.6.1.17, and 1.6.2.x before 1.6.2.5 does not properly enforce remote host access controls when CIDR notation "/0" is used in permit= and deny= configuration rules, which causes an improper arithmetic shift and might allow remote attackers to bypass ACL rules and access services from unauthorized hosts.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2010-1224

reference_id

reference_type

scores

value	0.01
scoring_system	epss
scoring_elements	0.77341
published_at	2026-06-04T12:55:00Z

value	0.01
scoring_system	epss
scoring_elements	0.7737
published_at	2026-06-05T12:55:00Z

value	0.01
scoring_system	epss
scoring_elements	0.7738
published_at	2026-06-06T12:55:00Z

value	0.01
scoring_system	epss
scoring_elements	0.77369
published_at	2026-06-07T12:55:00Z

value	0.01
scoring_system	epss
scoring_elements	0.77359
published_at	2026-06-08T12:55:00Z

value	0.01
scoring_system	epss
scoring_elements	0.77381
published_at	2026-06-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2010-1224

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1224
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1224

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=576560
reference_id	576560
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=576560

fixed_packages

url	pkg:deb/debian/asterisk@1:1.6.2.6-1?distro=sid
purl	pkg:deb/debian/asterisk@1:1.6.2.6-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:1.6.2.6-1%3Fdistro=sid

url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid

purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-341r-eamh-fbee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid

url	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl	pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid

aliases CVE-2010-1224

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4r9d-zq25-qkhv

url VCID-jqj2-grqv-73ht

vulnerability_id VCID-jqj2-grqv-73ht

summary The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, when using the ${EXTEN} channel variable and wildcard pattern matches, allows context-dependent attackers to inject strings into the dialplan using metacharacters that are injected when the variable is expanded, as demonstrated using the Dial application to process a crafted SIP INVITE message that adds an unintended outgoing channel leg. NOTE: it could be argued that this is not a vulnerability in Asterisk, but a class of vulnerabilities that can occur in any program that uses this feature without the associated filtering functionality that is already available.