Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-u99q-b5ug-jyd5
Vulnerability ID VCID-u99q-b5ug-jyd5
Aliases CVE-2008-3903
Summary Multiple vulnerabilities have been found in Asterisk allowing for Denial of Service and username disclosure.
Status Published
Exploitability 0.5
Weighted Severity 3.1
Risk 1.6
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
System Score Found at
epss 0.00731 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00731 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00731 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00731 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00731 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00731 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00731 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00731 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
epss 0.00731 https://api.first.org/data/v1/epss?cve=CVE-2008-3903
cvssv2 3.5 https://nvd.nist.gov/vuln/detail/CVE-2008-3903
Reference id Reference type URL
http://downloads.asterisk.org/pub/security/AST-2009-003.html
http://misel.com/?p=52
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3903.json
https://api.first.org/data/v1/epss?cve=CVE-2008-3903
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3903
http://secunia.com/advisories/34982
http://secunia.com/advisories/37677
http://security.gentoo.org/glsa/glsa-200905-01.xml
https://exchange.xforce.ibmcloud.com/vulnerabilities/45059
http://www.debian.org/security/2009/dsa-1952
http://www.securityfocus.com/bid/34353
http://www.vupen.com/english/advisories/2009/0933
461271 https://bugzilla.redhat.com/show_bug.cgi?id=461271
522528 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=522528
cpe:2.3:a:asterisk:p_b_x:1.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:p_b_x:1.2:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:p_b_x:1.2.22:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:p_b_x:1.2.22:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:p_b_x:1.4.21.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:p_b_x:1.4.21.1:*:*:*:*:*:*:*
cpe:2.3:a:asterisk:p_b_x:1.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:p_b_x:1.6:*:*:*:*:*:*:*
cpe:2.3:a:trixbox:pbx:2.6.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:trixbox:pbx:2.6.1:*:*:*:*:*:*:*
CVE-2008-3903 https://nvd.nist.gov/vuln/detail/CVE-2008-3903
GLSA-200905-01 https://security.gentoo.org/glsa/200905-01
No exploits are available.
Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2008-3903
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.72637
EPSS Score 0.00731
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:02:05.149005+00:00 Gentoo Importer Import https://security.gentoo.org/glsa/200905-01 38.0.0