| Field | Value |
|---|---|
| purl | pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u3 |
| Next non-vulnerable version | 1:22.9.0+dfsg+~cs6.16.60671434-1 |
| Latest non-vulnerable version | 1:22.9.0+dfsg+~cs6.16.60671434-1 |
| Risk | 10.0 |
Vulnerabilities affecting this package version:

| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-1qxc-4xk5-2feu (alias CVE-2026-23740) | Asterisk: arbitrary code execution and file overwrite as root via insecure ast_coredumper file handling. | Affected by 0 other vulnerabilities. |
| VCID-2qjc-yspn-xydj (alias CVE-2025-47780) | Asterisk is an open-source private branch exchange (PBX). Prior to Asterisk 18.26.2, 20.14.1, 21.9.1 and 22.4.1 and certified-asterisk 18.9-cert14 and 20.7-cert5, disallowing shell commands from the Asterisk command line interface (CLI) through `cli_permissions.conf` (for example with the line `deny=!*`) does not take effect. An administrator who relies on `cli_permissions.conf` to deny all shell command execution is therefore exposed. Asterisk 18.26.2, 20.14.1, 21.9.1 and 22.4.1 and certified-asterisk 18.9-cert14 and 20.7-cert5 fix the issue. | Affected by 0 other vulnerabilities. |
| VCID-43ff-97jw-hkce (alias CVE-2025-1131) | Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to arbitrary code execution. | Affected by 0 other vulnerabilities. |
| VCID-55vv-7jsj-xqeh (alias CVE-2023-49294) | Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation. | Affected by 12 other vulnerabilities. |
| VCID-63fe-saga-13ct (alias CVE-2025-54995) | Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 18.26.4 and 18.9-cert17, RTP UDP ports and internal resources can leak because sessions are not terminated, which can lead to resource exhaustion. Patched in 18.26.4 and 18.9-cert17. | Affected by 0 other vulnerabilities. |
| VCID-8kjy-xtm2-bqan (alias CVE-2026-23739) | Asterisk: local file disclosure via unsafe XML parsing. | Affected by 0 other vulnerabilities. |
| VCID-9u4p-wdky-a3h1 (alias CVE-2024-42365) | Asterisk is an open source private branch exchange (PBX) and telephony toolkit. Prior to Asterisk 18.24.2, 20.9.2 and 21.4.2 and certified-asterisk 18.9-cert11 and 20.7-cert2, an AMI user with `write=originate` can change every configuration file in `/etc/asterisk/`: such a user can curl remote files and write them to disk, and can also append to existing files with the `FILE` function inside the `SET` application. This may result in privilege escalation, remote code execution and/or blind server-side request forgery with an arbitrary protocol. Asterisk 18.24.2, 20.9.2 and 21.4.2 and certified-asterisk 18.9-cert11 and 20.7-cert2 contain the fix. | Affected by 0 other vulnerabilities. |
| VCID-bk8r-brkr-bqc6 (alias CVE-2023-49786) | Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation. | Affected by 12 other vulnerabilities. |
| VCID-bknu-abgc-bugw (alias CVE-2023-37457) | Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation. | Affected by 12 other vulnerabilities. |
| VCID-gy3u-c6dc-sbbn (alias CVE-2024-53566) | An issue in the action_listcategories() function of Sangoma Asterisk v22/22.0.0/22.0.0-rc1/22.0.0-rc2/22.0.0-pre1 allows attackers to perform a path traversal. | Affected by 0 other vulnerabilities. |
| VCID-phb4-xaj7-byg2 (alias CVE-2026-23741) | Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2 and 23.2.2, asterisk/contrib/scripts/ast_coredumper runs as root, as noted by the NOTES tag on line 689 of the ast_coredumper file. The script sources /etc/asterisk/ast_debug_tools.conf, which lives in a directory writable by the asterisk user:group. Because that file follows bash semantics and is sourced, an attacker with write permission can add or modify it so that, when the root-run ast_coredumper executes, it sources and thereby runs arbitrary bash code from /etc/asterisk/ast_debug_tools.conf. Patched in 20.7-cert9, 20.18.2, 21.12.1, 22.8.2 and 23.2.2. | Affected by 0 other vulnerabilities. |
| VCID-pmte-bc34-pfcv (alias CVE-2023-38703) | security update | Affected by 12 other vulnerabilities. |
| VCID-qcqe-63ev-f7gv (alias CVE-2024-42491) | Asterisk is an open-source private branch exchange (PBX). Prior to Asterisk 18.24.3, 20.9.3 and 21.4.3 and certified-asterisk 18.9-cert12 and 20.7-cert2, if Asterisk attempts to send a SIP request to a URI whose host portion starts with `.1` or `[.1]` while res_resolver_unbound is loaded, Asterisk crashes with a SEGV. To receive a patch, upgrade to 18.24.3, 20.9.3, 21.4.3, certified-18.9-cert12 or certified-20.7-cert2. Two workarounds are available: disable res_resolver_unbound with `noload = res_resolver_unbound.so` in modules.conf, or set `rewrite_contact = yes` on all PJSIP endpoints. Note that neither may be appropriate for every Asterisk configuration. | Affected by 0 other vulnerabilities. |
| VCID-u91b-9huy-43hn (alias CVE-2025-47779) | Asterisk is an open-source private branch exchange (PBX). Prior to Asterisk 18.26.2, 20.14.1, 21.9.1 and 22.4.1 and certified-asterisk 18.9-cert14 and 20.7-cert5, authentication of SIP MESSAGE requests (RFC 3428) is not properly aligned with the authenticated identity. An authenticated attacker can use their own authorization to send messages that appear to come from any user, including trusted entities. Even administrators who follow the Security best practices and Security Considerations can be affected, so abuse can lead to spam and enable social engineering, phishing and similar attacks. Asterisk 18.26.2, 20.14.1, 21.9.1 and 22.4.1 and certified-asterisk 18.9-cert14 and 20.7-cert5 fix the issue. | Affected by 0 other vulnerabilities. |
| VCID-ytty-tbs1-ffc7 (alias CVE-2026-23738) | Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2 and 23.2.2, user-controlled values from Cookies and from any GET query parameter are interpolated directly into the page HTML using ast_str_append, a reflected cross-site scripting vector. The affected endpoint is GET /httpstatus, served by asterisk/main/http.c. Patched in 20.7-cert9, 20.18.2, 21.12.1, 22.8.2 and 23.2.2. | Affected by 0 other vulnerabilities. |
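Two of the issues in this table are driven by on-host configuration and can be checked without touching the Asterisk process: AMI `write=originate` (CVE-2019-18610, CVE-2024-42365) and the root-run ast_coredumper sourcing /etc/asterisk/ast_debug_tools.conf (CVE-2026-23741). The following is an added example, not code from Asterisk or VulnerableCode. It parses a manager.conf (a constructed sample is embedded) and lists users whose write set contains `originate` or `all`, which on unpatched versions should be treated as `system`-level access, and it checks whether a file a root-run script sources is owned by root and unwritable by group and others, including its parent directory, since a writable /etc/asterisk/ lets the file be replaced even when the file itself is root-owned. Treating repeated `write` lines as a union is an assumption of this script; `#include`, templates and inheritance are not resolved.

```python
# Added example, not Asterisk or VulnerableCode code. The manager.conf text is
# constructed; repeated 'write' lines are unioned (assumption); no #include.
import os
import stat
import tempfile

SAMPLE_MANAGER_CONF = """\
[general]
enabled = yes
bindaddr = 127.0.0.1
[dialer]
secret = s3cret
write = originate,call   ; reads as harmless; see CVE-2019-18610 / CVE-2024-42365
[reporting]
write = reporting
[admin]
secret = s3cret
write = all
"""


def parse_asterisk_conf(text: str) -> dict:
    """Minimal reader for Asterisk's config format: [section], key = value or
    key => value, ';' comments. Repeated keys accumulate into a list."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and "]" in line:
            current = line[1:line.index("]")].strip()
            sections.setdefault(current, {})
            continue
        if current is None:
            continue
        key, _, value = line.partition("=>" if "=>" in line else "=")
        sections[current].setdefault(key.strip().lower(), []).append(value.strip())
    return sections


def risky_ami_users(manager_conf: str) -> dict:
    """AMI users whose 'write' set grants originate, directly or via 'all'.
    On unpatched versions that is command execution plus /etc/asterisk writes."""
    findings = {}
    for name, keys in parse_asterisk_conf(manager_conf).items():
        if name == "general":
            continue
        perms = set()
        for value in keys.get("write", []):
            perms.update(p.strip().lower() for p in value.split(",") if p.strip())
        if perms & {"originate", "all"}:
            findings[name] = sorted(perms)
    return findings


def sourced_file_findings(path: str, expected_uid: int = 0) -> list:
    """Reasons a file is unsafe for a root-run script to source: it or its
    parent directory is owned by someone else or writable by group/others.
    [] means clean. expected_uid lets the check run on a scratch copy."""
    findings = []
    parent = os.path.dirname(os.path.abspath(path))
    if not os.path.isdir(parent):
        return ["missing directory: " + parent]
    pst = os.stat(parent)
    if pst.st_uid != expected_uid or pst.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("parent directory allows replacing the file: " + parent)
    if not os.path.lexists(path):
        return findings
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode):
        findings.append("symlink: " + path)
    if st.st_uid != expected_uid:
        findings.append(f"owner uid {st.st_uid} != {expected_uid}: {path}")
    if st.st_mode & stat.S_IWGRP:
        findings.append("group-writable: " + path)
    if st.st_mode & stat.S_IWOTH:
        findings.append("world-writable: " + path)
    return findings


def demo_sourced_file_check(mode: int = 0o664) -> list:
    """Run the check on a scratch ast_debug_tools.conf with the given mode,
    owned by the current user, so it works without root."""
    tmpdir = tempfile.mkdtemp()
    path = os.path.join(tmpdir, "ast_debug_tools.conf")
    try:
        with open(path, "w") as fh:
            fh.write("COREDUMPS_DIR=/tmp\n")   # constructed content
        os.chmod(path, mode)
        return sourced_file_findings(path, expected_uid=os.getuid())
    finally:
        os.remove(path)
        os.rmdir(tmpdir)


if __name__ == "__main__":
    print("AMI users with originate:", risky_ami_users(SAMPLE_MANAGER_CONF))
    print("scratch file, mode 0664:", demo_sourced_file_check(0o664))
```

On a real host, run `sourced_file_findings("/etc/asterisk/ast_debug_tools.conf")` as root; on the layout the advisory describes, where /etc/asterisk is owned by the asterisk user, the parent-directory finding fires even if the file itself is root-owned with mode 0644, which is the condition that makes the sourced file attacker-controlled.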
Vulnerabilities fixed in this package version:

| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-32hs-eqw2-1kf2 | An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x before 13.29.2, 16.x before 16.6.2, and 17.x before 17.0.1, and Certified Asterisk 13.21 before cert5. A SIP request can be sent to Asterisk that changes a SIP peer's IP address. No REGISTER needs to occur, and calls can be hijacked as a result. Only the peer's name needs to be known; authentication details such as passwords do not. This vulnerability is only exploitable when the nat option is set to the default, or to auto_force_rport. | CVE-2019-18790 |
| VCID-34fv-tv5a-tkgw | security update | CVE-2022-23537 |
| VCID-48pt-6j6q-jbcn | Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution. | CVE-2022-23608 |
| VCID-5yue-52xt-ryhw | An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-cert4. A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafted Originate AMI request to execute arbitrary system commands. | CVE-2019-18610 |
| VCID-6rhm-xrwe-x7af | Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation. | CVE-2021-26717 |
| VCID-7kus-4n4f-myd1 | Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation. | CVE-2022-26498 |
| VCID-7m8s-6ydk-gbgr | Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution. | CVE-2021-37706 |
| VCID-8pdp-epea-juhj | Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation. | CVE-2022-26499 |
| VCID-8sys-3sj7-c3h6 | Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution. | CVE-2022-21722 |
| VCID-8yav-jpp1-rfbe | security update | CVE-2021-43299 |
| VCID-917e-7kp2-y3hw | res_pjsip_t38 in Sangoma Asterisk 15.x before 15.7.4 and 16.x before 16.5.1 allows an attacker to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk. The crash occurs because of a NULL session media object dereference. | CVE-2019-15297 |
| VCID-9at6-bgzv-gue3 | Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution. | CVE-2022-39269 |
| VCID-9f9j-z7y7-sffy | Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution. | CVE-2021-43845 |
| VCID-ap3n-99gn-aucs | A vulnerability has been discovered in PJSIP, which could lead to arbitrary code execution. | CVE-2023-27585 |
| VCID-b4z5-5hbq-5ka8 | Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation. | CVE-2022-42706 |
| VCID-byqv-c5jp-6ybg | security update | CVE-2021-43301 |
| VCID-cupt-538a-z3fp | Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation. | CVE-2022-37325 |
| VCID-ddpb-zwva-rfc5 | Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution. | CVE-2022-21723 |
| VCID-epzp-dpmr-33df | Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution. | CVE-2021-32686 |
| VCID-f5qc-tsbr-1yap | Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution. | CVE-2021-43804 |
| VCID-fjzf-5rtw-rqfj | Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation. | CVE-2021-26906 |
| VCID-gkcp-1zz6-tfb5 | A res_pjsip_session crash was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1, and Certified Asterisk before 16.8-cert5. Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced. This left a gap between the creation of the dialog object and its next use by the thread that created it. Depending on off-nominal circumstances and timing, another thread could free the dialog in this gap. Asterisk could then crash when the dialog object, or any of its dependent objects, was next dereferenced or accessed by the creating thread. Note, however, that this crash can only occur when using a connection-oriented protocol (e.g., TCP or TLS, but not UDP) for SIP transport. Also, the remote client must be authenticated, or Asterisk must be configured for anonymous calling. | CVE-2020-28327 |
| VCID-h193-vjhb-j3a3 | Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation. | CVE-2021-32558 |
| VCID-hj93-7z1r-vkfk | Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution. | CVE-2022-24763 |
| VCID-huqt-1fv6-67cz | An issue was discovered in res_pjsip_diversion.c in Sangoma Asterisk before 13.38.0, 14.x through 16.x before 16.15.0, 17.x before 17.9.0, and 18.x before 18.1.0. A crash can occur when a SIP message is received with a History-Info header that contains a tel-uri, or when a SIP 181 response is received that contains a tel-uri in the Diversion header. | CVE-2020-35652 |
| VCID-n6mj-v1nc-hke9 | Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution. | CVE-2022-24793 |
| VCID-nf5d-nejq-mkd9 | security update | CVE-2021-43303 |
| VCID-ngds-k5mh-t3ae | Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution. | CVE-2022-31031 |
| VCID-psbg-wv2x-w7ba | security update | CVE-2022-23547 |
| VCID-r8b9-jcqa-xyb2 | Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation. | CVE-2020-35776 |
| VCID-tqwd-ffwc-mkd1 | Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution. | CVE-2022-24792 |
| VCID-tyh4-14zn-63ez | An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1, and Certified Asterisk before 16.8-cert5. If Asterisk is challenged on an outbound INVITE and the nonce is changed in each response, Asterisk will continually send INVITEs in a loop. This causes Asterisk to consume more and more memory, since the transaction never terminates (even if the call is hung up), ultimately leading to a restart or shutdown of Asterisk. Outbound authentication must be configured on the endpoint for this to occur. | CVE-2020-28242 |
| VCID-v7ev-jtsg-cqdg | security update | CVE-2021-46837 |
| VCID-vwf4-v4ve-4yfh | Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution. | CVE-2022-39244 |
| VCID-w9ce-m3x8-n3ak | Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution. | CVE-2022-24786 |
| VCID-x2gp-mft6-1yhy | An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x through 15.7.2, and 16.x through 16.4.0, and Certified Asterisk through 13.21-cert3. A pointer dereference in chan_sip while handling SDP negotiation allows an attacker to crash Asterisk when handling an SDP answer to an outgoing T.38 re-invite. To exploit this vulnerability an attacker must cause the chan_sip module to send a T.38 re-invite request to them. Upon receipt, the attacker must send an SDP answer containing both a T.38 UDPTL stream and another media stream containing only a codec (which is not permitted according to the chan_sip configuration). | CVE-2019-13161 |
| VCID-xbe4-uvqu-6kf7 | Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and earlier allows remote authenticated users to crash Asterisk by sending a specially crafted SIP MESSAGE message. | CVE-2019-12827 |
| VCID-y6sx-xqsh-wbcg | Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution. | CVE-2022-24764 |
| VCID-yx1m-ayfg-ryc3 | security update | CVE-2021-43300 |
| VCID-z3fq-m317-ckb8 | Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation. | CVE-2022-26651 |
| VCID-zabf-adce-sqde | Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to privilege escalation. | CVE-2022-42705 |
| VCID-zxkf-88k3-3qcn | security update | CVE-2021-43302 |