VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-d76h-v3yp-jydf

Essentials
Severities (28)
References (9)
Severity details (12)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-d76h-v3yp-jydf
Aliases	CVE-2024-42491
Summary	Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.24.3, 20.9.3, and 21.4.3 of Asterisk and versions 18.9-cert12 and 20.7-cert2 of certified-asterisk, if Asterisk attempts to send a SIP request to a URI whose host portion starts with `.1` or `[.1]`, and res_resolver_unbound is loaded, Asterisk will crash with a SEGV. To receive a patch, users should upgrade to one of the following versions: 18.24.3, 20.9.3, 21.4.3, certified-18.9-cert12, certified-20.7-cert2. Two workarounds are available. Disable res_resolver_unbound by setting `noload = res_resolver_unbound.so` in modules.conf, or set `rewrite_contact = yes` on all PJSIP endpoints. NOTE: This may not be appropriate for all Asterisk configurations.
Status	Published
Exploitability	0.5
Weighted Severity	5.1
Risk	2.5
Affected and Fixed Packages	Package Details

Weaknesses (2)

CWE-252	Unchecked Return Value
CWE-476	NULL Pointer Dereference

System	Score	Found at
epss	0.0039	https://api.first.org/data/v1/epss?cve=CVE-2024-42491
epss	0.0039	https://api.first.org/data/v1/epss?cve=CVE-2024-42491
epss	0.0039	https://api.first.org/data/v1/epss?cve=CVE-2024-42491
epss	0.0039	https://api.first.org/data/v1/epss?cve=CVE-2024-42491
epss	0.0039	https://api.first.org/data/v1/epss?cve=CVE-2024-42491
epss	0.0039	https://api.first.org/data/v1/epss?cve=CVE-2024-42491
epss	0.0039	https://api.first.org/data/v1/epss?cve=CVE-2024-42491
epss	0.0039	https://api.first.org/data/v1/epss?cve=CVE-2024-42491
epss	0.0039	https://api.first.org/data/v1/epss?cve=CVE-2024-42491
epss	0.0039	https://api.first.org/data/v1/epss?cve=CVE-2024-42491
epss	0.0039	https://api.first.org/data/v1/epss?cve=CVE-2024-42491
epss	0.0039	https://api.first.org/data/v1/epss?cve=CVE-2024-42491
epss	0.0039	https://api.first.org/data/v1/epss?cve=CVE-2024-42491
epss	0.0039	https://api.first.org/data/v1/epss?cve=CVE-2024-42491
epss	0.0039	https://api.first.org/data/v1/epss?cve=CVE-2024-42491
epss	0.0039	https://api.first.org/data/v1/epss?cve=CVE-2024-42491
cvssv3.1	5.7	https://github.com/asterisk/asterisk/commit/42a2f4ccfa2c7062a15063e765916b3332e34cc4
ssvc	Track	https://github.com/asterisk/asterisk/commit/42a2f4ccfa2c7062a15063e765916b3332e34cc4
cvssv3.1	5.7	https://github.com/asterisk/asterisk/commit/4f01669c7c41c9184f3cce9a3cf1b2ebf6201742
ssvc	Track	https://github.com/asterisk/asterisk/commit/4f01669c7c41c9184f3cce9a3cf1b2ebf6201742
cvssv3.1	5.7	https://github.com/asterisk/asterisk/commit/50bf8d4d3064930d28ecf1ce3397b14574d514d2
ssvc	Track	https://github.com/asterisk/asterisk/commit/50bf8d4d3064930d28ecf1ce3397b14574d514d2
cvssv3.1	5.7	https://github.com/asterisk/asterisk/commit/7a0090325bfa9d778a39ae5f7d0a98109e4651c8
ssvc	Track	https://github.com/asterisk/asterisk/commit/7a0090325bfa9d778a39ae5f7d0a98109e4651c8
cvssv3.1	5.7	https://github.com/asterisk/asterisk/commit/a15050650abf09c10a3c135fab148220cd41d3a0
ssvc	Track	https://github.com/asterisk/asterisk/commit/a15050650abf09c10a3c135fab148220cd41d3a0
cvssv3.1	5.7	https://github.com/asterisk/asterisk/security/advisories/GHSA-v428-g3cw-7hv9
ssvc	Track	https://github.com/asterisk/asterisk/security/advisories/GHSA-v428-g3cw-7hv9

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2024-42491
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42491
42a2f4ccfa2c7062a15063e765916b3332e34cc4		https://github.com/asterisk/asterisk/commit/42a2f4ccfa2c7062a15063e765916b3332e34cc4
4f01669c7c41c9184f3cce9a3cf1b2ebf6201742		https://github.com/asterisk/asterisk/commit/4f01669c7c41c9184f3cce9a3cf1b2ebf6201742
50bf8d4d3064930d28ecf1ce3397b14574d514d2		https://github.com/asterisk/asterisk/commit/50bf8d4d3064930d28ecf1ce3397b14574d514d2
7a0090325bfa9d778a39ae5f7d0a98109e4651c8		https://github.com/asterisk/asterisk/commit/7a0090325bfa9d778a39ae5f7d0a98109e4651c8
a15050650abf09c10a3c135fab148220cd41d3a0		https://github.com/asterisk/asterisk/commit/a15050650abf09c10a3c135fab148220cd41d3a0
CVE-2024-42491		https://nvd.nist.gov/vuln/detail/CVE-2024-42491
GHSA-v428-g3cw-7hv9		https://github.com/asterisk/asterisk/security/advisories/GHSA-v428-g3cw-7hv9

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H Found at https://github.com/asterisk/asterisk/commit/42a2f4ccfa2c7062a15063e765916b3332e34cc4

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T18:48:24Z/ Found at https://github.com/asterisk/asterisk/commit/42a2f4ccfa2c7062a15063e765916b3332e34cc4

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H Found at https://github.com/asterisk/asterisk/commit/4f01669c7c41c9184f3cce9a3cf1b2ebf6201742

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T18:48:24Z/ Found at https://github.com/asterisk/asterisk/commit/4f01669c7c41c9184f3cce9a3cf1b2ebf6201742

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H Found at https://github.com/asterisk/asterisk/commit/50bf8d4d3064930d28ecf1ce3397b14574d514d2

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T18:48:24Z/ Found at https://github.com/asterisk/asterisk/commit/50bf8d4d3064930d28ecf1ce3397b14574d514d2

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H Found at https://github.com/asterisk/asterisk/commit/7a0090325bfa9d778a39ae5f7d0a98109e4651c8

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T18:48:24Z/ Found at https://github.com/asterisk/asterisk/commit/7a0090325bfa9d778a39ae5f7d0a98109e4651c8

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H Found at https://github.com/asterisk/asterisk/commit/a15050650abf09c10a3c135fab148220cd41d3a0

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T18:48:24Z/ Found at https://github.com/asterisk/asterisk/commit/a15050650abf09c10a3c135fab148220cd41d3a0

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H Found at https://github.com/asterisk/asterisk/security/advisories/GHSA-v428-g3cw-7hv9

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T18:48:24Z/ Found at https://github.com/asterisk/asterisk/security/advisories/GHSA-v428-g3cw-7hv9

Exploit Prediction Scoring System (EPSS)

Percentile	0.5925
EPSS Score	0.0039
Published At	July 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:39:11.926846+00:00	Alpine Linux Importer	Import	https://secdb.alpinelinux.org/v3.18/main.json	37.0.0