Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u2?distro=sid
Typedeb
Namespacedebian
Nameasterisk
Version1:16.28.0~dfsg-0+deb11u2
Qualifiers
distro sid
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version1:16.28.0~dfsg-0+deb11u3
Latest_non_vulnerable_version1:22.9.0+dfsg+~cs6.16.60671434-1
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-8t63-f1tx-7bdy
vulnerability_id VCID-8t63-f1tx-7bdy
summary An issue was discovered in Sangoma Asterisk through 16.28, 17 and 18 through 18.14, 19 through 19.6, and certified through 18.9-cert1. GetConfig, via Asterisk Manager Interface, allows a connected application to access files outside of the asterisk configuration directory, aka Directory Traversal.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-42706
reference_id
reference_type
scores
0
value 0.0081
scoring_system epss
scoring_elements 0.74583
published_at 2026-06-04T12:55:00Z
1
value 0.0081
scoring_system epss
scoring_elements 0.74615
published_at 2026-06-05T12:55:00Z
2
value 0.0081
scoring_system epss
scoring_elements 0.7462
published_at 2026-06-06T12:55:00Z
3
value 0.0081
scoring_system epss
scoring_elements 0.74609
published_at 2026-06-07T12:55:00Z
4
value 0.0081
scoring_system epss
scoring_elements 0.74591
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-42706
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706
9
reference_url https://downloads.asterisk.org/pub/security/AST-2022-009.html
reference_id AST-2022-009.html
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:23:22Z/
url https://downloads.asterisk.org/pub/security/AST-2022-009.html
10
reference_url https://www.debian.org/security/2023/dsa-5358
reference_id dsa-5358
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:23:22Z/
url https://www.debian.org/security/2023/dsa-5358
11
reference_url https://security.gentoo.org/glsa/202412-03
reference_id GLSA-202412-03
reference_type
scores
url https://security.gentoo.org/glsa/202412-03
12
reference_url https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html
reference_id msg00029.html
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:23:22Z/
url https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html
fixed_packages
0
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u2?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u2%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-341r-eamh-fbee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:20.0.1~dfsg%2B~cs6.12.40431414-1?distro=sid
purl pkg:deb/debian/asterisk@1:20.0.1~dfsg%2B~cs6.12.40431414-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:20.0.1~dfsg%252B~cs6.12.40431414-1%3Fdistro=sid
3
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2022-42706
risk_score 2.2
exploitability 0.5
weighted_severity 4.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8t63-f1tx-7bdy
1
url VCID-a2r2-kh13-y7cr
vulnerability_id VCID-a2r2-kh13-y7cr
summary A use-after-free in res_pjsip_pubsub.c in Sangoma Asterisk 16.28, 18.14, 19.6, and certified/18.9-cert2 may allow a remote authenticated attacker to crash Asterisk (denial of service) by performing activity on a subscription via a reliable transport at the same time that Asterisk is also performing activity on that subscription.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-42705
reference_id
reference_type
scores
0
value 0.01516
scoring_system epss
scoring_elements 0.81552
published_at 2026-06-04T12:55:00Z
1
value 0.01516
scoring_system epss
scoring_elements 0.81581
published_at 2026-06-05T12:55:00Z
2
value 0.01516
scoring_system epss
scoring_elements 0.81583
published_at 2026-06-06T12:55:00Z
3
value 0.01516
scoring_system epss
scoring_elements 0.81582
published_at 2026-06-07T12:55:00Z
4
value 0.01516
scoring_system epss
scoring_elements 0.81575
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-42705
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706
9
reference_url https://downloads.asterisk.org/pub/security/AST-2022-008.html
reference_id AST-2022-008.html
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:25:02Z/
url https://downloads.asterisk.org/pub/security/AST-2022-008.html
10
reference_url https://www.debian.org/security/2023/dsa-5358
reference_id dsa-5358
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:25:02Z/
url https://www.debian.org/security/2023/dsa-5358
11
reference_url https://security.gentoo.org/glsa/202412-03
reference_id GLSA-202412-03
reference_type
scores
url https://security.gentoo.org/glsa/202412-03
12
reference_url https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html
reference_id msg00029.html
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:25:02Z/
url https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html
fixed_packages
0
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u2?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u2%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-341r-eamh-fbee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:20.0.1~dfsg%2B~cs6.12.40431414-1?distro=sid
purl pkg:deb/debian/asterisk@1:20.0.1~dfsg%2B~cs6.12.40431414-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:20.0.1~dfsg%252B~cs6.12.40431414-1%3Fdistro=sid
3
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2022-42705
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a2r2-kh13-y7cr
2
url VCID-fvk6-m3pz-sybd
vulnerability_id VCID-fvk6-m3pz-sybd
summary PJSIP is a free and open source multimedia communication library written in C. In versions of PJSIP prior to 2.13 the PJSIP parser, PJMEDIA RTP decoder, and PJMEDIA SDP parser are affeced by a buffer overflow vulnerability. Users connecting to untrusted clients are at risk. This issue has been patched and is available as commit c4d3498 in the master branch and will be included in releases 2.13 and later. Users are advised to upgrade. There are no known workarounds for this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-39244
reference_id
reference_type
scores
0
value 0.00325
scoring_system epss
scoring_elements 0.55755
published_at 2026-06-04T12:55:00Z
1
value 0.00325
scoring_system epss
scoring_elements 0.55812
published_at 2026-06-05T12:55:00Z
2
value 0.00325
scoring_system epss
scoring_elements 0.55817
published_at 2026-06-06T12:55:00Z
3
value 0.00325
scoring_system epss
scoring_elements 0.55805
published_at 2026-06-07T12:55:00Z
4
value 0.00325
scoring_system epss
scoring_elements 0.55786
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-39244
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706
9
reference_url https://github.com/pjsip/pjproject/commit/c4d34984ec92b3d5252a7d5cddd85a1d3a8001ae
reference_id c4d34984ec92b3d5252a7d5cddd85a1d3a8001ae
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:48:20Z/
url https://github.com/pjsip/pjproject/commit/c4d34984ec92b3d5252a7d5cddd85a1d3a8001ae
10
reference_url https://www.debian.org/security/2023/dsa-5358
reference_id dsa-5358
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:48:20Z/
url https://www.debian.org/security/2023/dsa-5358
11
reference_url https://github.com/pjsip/pjproject/security/advisories/GHSA-fq45-m3f7-3mhj
reference_id GHSA-fq45-m3f7-3mhj
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:48:20Z/
url https://github.com/pjsip/pjproject/security/advisories/GHSA-fq45-m3f7-3mhj
12
reference_url https://security.gentoo.org/glsa/202210-37
reference_id GLSA-202210-37
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:48:20Z/
url https://security.gentoo.org/glsa/202210-37
13
reference_url https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html
reference_id msg00029.html
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:48:20Z/
url https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html
14
reference_url https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html
reference_id msg00038.html
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:48:20Z/
url https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html
15
reference_url https://usn.ubuntu.com/6422-1/
reference_id USN-6422-1
reference_type
scores
url https://usn.ubuntu.com/6422-1/
fixed_packages
0
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u2?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u2%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-341r-eamh-fbee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:20.0.1~dfsg%2B~cs6.12.40431414-1?distro=sid
purl pkg:deb/debian/asterisk@1:20.0.1~dfsg%2B~cs6.12.40431414-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:20.0.1~dfsg%252B~cs6.12.40431414-1%3Fdistro=sid
3
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2022-39244
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fvk6-m3pz-sybd
3
url VCID-fzjk-q6nw-jkg9
vulnerability_id VCID-fzjk-q6nw-jkg9
summary PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. This issue is similar to GHSA-9pfh-r8x4-w26w. Possible buffer overread when parsing a certain STUN message. The vulnerability affects applications that uses STUN including PJNATH and PJSUA-LIB. The patch is available as commit in the master branch.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-23547
reference_id
reference_type
scores
0
value 0.00448
scoring_system epss
scoring_elements 0.63857
published_at 2026-06-04T12:55:00Z
1
value 0.00448
scoring_system epss
scoring_elements 0.639
published_at 2026-06-05T12:55:00Z
2
value 0.00448
scoring_system epss
scoring_elements 0.63907
published_at 2026-06-06T12:55:00Z
3
value 0.00448
scoring_system epss
scoring_elements 0.63898
published_at 2026-06-07T12:55:00Z
4
value 0.00448
scoring_system epss
scoring_elements 0.63886
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-23547
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032092
reference_id 1032092
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032092
10
reference_url https://github.com/pjsip/pjproject/commit/bc4812d31a67d5e2f973fbfaf950d6118226cf36
reference_id bc4812d31a67d5e2f973fbfaf950d6118226cf36
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T03:11:54Z/
url https://github.com/pjsip/pjproject/commit/bc4812d31a67d5e2f973fbfaf950d6118226cf36
11
reference_url https://github.com/pjsip/pjproject/security/advisories/GHSA-9pfh-r8x4-w26w
reference_id GHSA-9pfh-r8x4-w26w
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T03:11:54Z/
url https://github.com/pjsip/pjproject/security/advisories/GHSA-9pfh-r8x4-w26w
12
reference_url https://github.com/pjsip/pjproject/security/advisories/GHSA-cxwq-5g9x-x7fr
reference_id GHSA-cxwq-5g9x-x7fr
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T03:11:54Z/
url https://github.com/pjsip/pjproject/security/advisories/GHSA-cxwq-5g9x-x7fr
13
reference_url https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html
reference_id msg00038.html
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T03:11:54Z/
url https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html
14
reference_url https://usn.ubuntu.com/6422-1/
reference_id USN-6422-1
reference_type
scores
url https://usn.ubuntu.com/6422-1/
fixed_packages
0
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u2?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u2%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-341r-eamh-fbee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:20.4.0~dfsg%2B~cs6.13.40431414-1?distro=sid
purl pkg:deb/debian/asterisk@1:20.4.0~dfsg%2B~cs6.13.40431414-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:20.4.0~dfsg%252B~cs6.13.40431414-1%3Fdistro=sid
3
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2022-23547
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fzjk-q6nw-jkg9
4
url VCID-jxc9-g6jq-ykes
vulnerability_id VCID-jxc9-g6jq-ykes
summary PJSIP is a free and open source multimedia communication library written in C. When processing certain packets, PJSIP may incorrectly switch from using SRTP media transport to using basic RTP upon SRTP restart, causing the media to be sent insecurely. The vulnerability impacts all PJSIP users that use SRTP. The patch is available as commit d2acb9a in the master branch of the project and will be included in version 2.13. Users are advised to manually patch or to upgrade. There are no known workarounds for this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-39269
reference_id
reference_type
scores
0
value 0.0017
scoring_system epss
scoring_elements 0.3789
published_at 2026-06-04T12:55:00Z
1
value 0.0017
scoring_system epss
scoring_elements 0.37981
published_at 2026-06-05T12:55:00Z
2
value 0.0017
scoring_system epss
scoring_elements 0.37984
published_at 2026-06-06T12:55:00Z
3
value 0.0017
scoring_system epss
scoring_elements 0.37953
published_at 2026-06-07T12:55:00Z
4
value 0.0017
scoring_system epss
scoring_elements 0.37918
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-39269
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032092
reference_id 1032092
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032092
10
reference_url https://security.gentoo.org/glsa/202210-37
reference_id GLSA-202210-37
reference_type
scores
url https://security.gentoo.org/glsa/202210-37
fixed_packages
0
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u2?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u2%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-341r-eamh-fbee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:20.3.0~dfsg%2B~cs6.13.40431413-1?distro=sid
purl pkg:deb/debian/asterisk@1:20.3.0~dfsg%2B~cs6.13.40431413-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:20.3.0~dfsg%252B~cs6.13.40431413-1%3Fdistro=sid
3
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2022-39269
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jxc9-g6jq-ykes
5
url VCID-ky73-mqpf-97gy
vulnerability_id VCID-ky73-mqpf-97gy
summary PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Buffer overread is possible when parsing a specially crafted STUN message with unknown attribute. The vulnerability affects applications that uses STUN including PJNATH and PJSUA-LIB. The patch is available as a commit in the master branch (2.13.1).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-23537
reference_id
reference_type
scores
0
value 0.00422
scoring_system epss
scoring_elements 0.62372
published_at 2026-06-04T12:55:00Z
1
value 0.00422
scoring_system epss
scoring_elements 0.62419
published_at 2026-06-05T12:55:00Z
2
value 0.00422
scoring_system epss
scoring_elements 0.62427
published_at 2026-06-06T12:55:00Z
3
value 0.00422
scoring_system epss
scoring_elements 0.62417
published_at 2026-06-07T12:55:00Z
4
value 0.00422
scoring_system epss
scoring_elements 0.62402
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-23537
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032092
reference_id 1032092
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032092
10
reference_url https://github.com/pjsip/pjproject/commit/d8440f4d711a654b511f50f79c0445b26f9dd1e1
reference_id d8440f4d711a654b511f50f79c0445b26f9dd1e1
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:52:00Z/
url https://github.com/pjsip/pjproject/commit/d8440f4d711a654b511f50f79c0445b26f9dd1e1
11
reference_url https://github.com/pjsip/pjproject/security/advisories/GHSA-9pfh-r8x4-w26w
reference_id GHSA-9pfh-r8x4-w26w
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:52:00Z/
url https://github.com/pjsip/pjproject/security/advisories/GHSA-9pfh-r8x4-w26w
12
reference_url https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html
reference_id msg00038.html
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T14:52:00Z/
url https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html
13
reference_url https://usn.ubuntu.com/6422-1/
reference_id USN-6422-1
reference_type
scores
url https://usn.ubuntu.com/6422-1/
fixed_packages
0
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u2?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u2%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-341r-eamh-fbee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:20.4.0~dfsg%2B~cs6.13.40431414-1?distro=sid
purl pkg:deb/debian/asterisk@1:20.4.0~dfsg%2B~cs6.13.40431414-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:20.4.0~dfsg%252B~cs6.13.40431414-1%3Fdistro=sid
3
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2022-23537
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ky73-mqpf-97gy
6
url VCID-t6xj-x5br-c3cj
vulnerability_id VCID-t6xj-x5br-c3cj
summary In Sangoma Asterisk through 16.28.0, 17.x and 18.x through 18.14.0, and 19.x through 19.6.0, an incoming Setup message to addons/ooh323c/src/ooq931.c with a malformed Calling or Called Party IE can cause a crash.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-37325
reference_id
reference_type
scores
0
value 0.0068
scoring_system epss
scoring_elements 0.71989
published_at 2026-06-04T12:55:00Z
1
value 0.0068
scoring_system epss
scoring_elements 0.72029
published_at 2026-06-05T12:55:00Z
2
value 0.0068
scoring_system epss
scoring_elements 0.72037
published_at 2026-06-06T12:55:00Z
3
value 0.0068
scoring_system epss
scoring_elements 0.72014
published_at 2026-06-07T12:55:00Z
4
value 0.0068
scoring_system epss
scoring_elements 0.72001
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-37325
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706
9
reference_url https://downloads.asterisk.org/pub/security/AST-2022-007.html
reference_id AST-2022-007.html
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:38:25Z/
url https://downloads.asterisk.org/pub/security/AST-2022-007.html
10
reference_url https://www.debian.org/security/2023/dsa-5358
reference_id dsa-5358
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:38:25Z/
url https://www.debian.org/security/2023/dsa-5358
11
reference_url https://security.gentoo.org/glsa/202412-03
reference_id GLSA-202412-03
reference_type
scores
url https://security.gentoo.org/glsa/202412-03
12
reference_url https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html
reference_id msg00029.html
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-24T14:38:25Z/
url https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html
fixed_packages
0
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u2?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u2%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-341r-eamh-fbee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:20.0.1~dfsg%2B~cs6.12.40431414-1?distro=sid
purl pkg:deb/debian/asterisk@1:20.0.1~dfsg%2B~cs6.12.40431414-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:20.0.1~dfsg%252B~cs6.12.40431414-1%3Fdistro=sid
3
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2022-37325
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t6xj-x5br-c3cj
7
url VCID-vzrk-rtxu-k7fd
vulnerability_id VCID-vzrk-rtxu-k7fd
summary PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions prior to and including 2.12.1 a stack buffer overflow vulnerability affects PJSIP users that use STUN in their applications, either by: setting a STUN server in their account/media config in PJSUA/PJSUA2 level, or directly using `pjlib-util/stun_simple` API. A patch is available in commit 450baca which should be included in the next release. There are no known workarounds for this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-31031
reference_id
reference_type
scores
0
value 0.00721
scoring_system epss
scoring_elements 0.72867
published_at 2026-06-04T12:55:00Z
1
value 0.00721
scoring_system epss
scoring_elements 0.72905
published_at 2026-06-05T12:55:00Z
2
value 0.00721
scoring_system epss
scoring_elements 0.72912
published_at 2026-06-06T12:55:00Z
3
value 0.00721
scoring_system epss
scoring_elements 0.72895
published_at 2026-06-07T12:55:00Z
4
value 0.00721
scoring_system epss
scoring_elements 0.72882
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-31031
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23537
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23547
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31031
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37325
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39244
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39269
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42705
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42706
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1017004
reference_id 1017004
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1017004
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1017005
reference_id 1017005
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1017005
11
reference_url https://github.com/pjsip/pjproject/commit/450baca94f475345542c6953832650c390889202
reference_id 450baca94f475345542c6953832650c390889202
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:49:22Z/
url https://github.com/pjsip/pjproject/commit/450baca94f475345542c6953832650c390889202
12
reference_url https://www.debian.org/security/2023/dsa-5358
reference_id dsa-5358
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:49:22Z/
url https://www.debian.org/security/2023/dsa-5358
13
reference_url https://github.com/pjsip/pjproject/security/advisories/GHSA-26j7-ww69-c4qj
reference_id GHSA-26j7-ww69-c4qj
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:49:22Z/
url https://github.com/pjsip/pjproject/security/advisories/GHSA-26j7-ww69-c4qj
14
reference_url https://security.gentoo.org/glsa/202210-37
reference_id GLSA-202210-37
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:49:22Z/
url https://security.gentoo.org/glsa/202210-37
15
reference_url https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html
reference_id msg00029.html
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:49:22Z/
url https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html
16
reference_url https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html
reference_id msg00038.html
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:49:22Z/
url https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html
17
reference_url https://usn.ubuntu.com/6422-1/
reference_id USN-6422-1
reference_type
scores
url https://usn.ubuntu.com/6422-1/
fixed_packages
0
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u2?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u2%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-341r-eamh-fbee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:20.0.1~dfsg%2B~cs6.12.40431414-1?distro=sid
purl pkg:deb/debian/asterisk@1:20.0.1~dfsg%2B~cs6.12.40431414-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:20.0.1~dfsg%252B~cs6.12.40431414-1%3Fdistro=sid
3
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2022-31031
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vzrk-rtxu-k7fd
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u2%3Fdistro=sid