MidnightBSD

Advisories for digium

CVE-2003-0761 HIGH

Buffer overflow in the get_msg_text of chan_sip.c in the Session Initiation Protocol (SIP) protocol implementation for Asterisk releases before August 15, 2003, allows remote attackers to execute arbitrary code via certain (1) MESSAGE or (2) INFO requests.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
digium asterisk 1.2.13
CVE-2003-0779 HIGH

SQL injection vulnerability in the Call Detail Record (CDR) logging functionality for Asterisk allows remote attackers to execute arbitrary SQL via a CallerID string.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
digium asterisk 0.1.9.1
digium asterisk 0.2
digium asterisk 0.1.7
digium asterisk 0.4
digium asterisk 0.1.9
digium asterisk 0.3
digium asterisk 0.1.8
CVE-2005-2081 MEDIUM

Stack-based buffer overflow in the function that parses commands in Asterisk 1.0.7, when the 'write = command' option is enabled, allows remote attackers to execute arbitrary code via a command that has two double quotes followed by a tab character.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
digium asterisk 1.0.7
CVE-2005-3559 MEDIUM

Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 through 1.2.0-beta1 allows remote attackers to access WAV files via a .. (dot dot) in the folder parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
digium asterisk 1.0.8
digium asterisk 1.0.9
digium asterisk 0.7.2
digium asterisk 0.1.9
digium asterisk 0.4.0
digium asterisk 0.2.0
digium asterisk 0.1.5
digium asterisk 0.1.1
digium asterisk 1.0.0
digium asterisk 1.0.3
digium asterisk 1.0.2
digium asterisk 0.1.2
digium asterisk 1.2.0_beta1
digium asterisk 1.0_rc2
digium asterisk 0.1.6
digium asterisk 0.1.8
digium asterisk 0.1.4
digium asterisk 0.3.0
digium asterisk 0.7.0
digium asterisk 0.1.7
digium asterisk 1.0.6
digium asterisk 0.1.10
digium asterisk 0.7.1
digium asterisk 1.0.4
digium asterisk 1.0.5
digium asterisk 0.1.0
digium asterisk 1.0_rc1
digium asterisk 0.1.3
digium asterisk 0.1.11
digium asterisk 1.0.1
digium asterisk 0.1.12
digium asterisk 1.0.7
digium asterisk 0.5.0
CVE-2006-1827 MEDIUM

Integer signedness error in format_jpeg.c in Asterisk 1.2.6 and earlier allows remote attackers to execute arbitrary code via a length value that passes a length check as a negative number, but triggers a buffer overflow when it is used as an unsigned length.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
digium asterisk 1.0.8
digium asterisk 1.0.9
digium asterisk 0.7.2
digium asterisk 0.1.9
digium asterisk 0.4.0
digium asterisk 0.2.0
digium asterisk 0.1.5
digium asterisk 0.1.1
digium asterisk 0.1.9.1
digium asterisk 1.0.0
digium asterisk 1.0.3
digium asterisk 1.0.2
digium asterisk 0.2
digium asterisk 0.1.2
digium asterisk 1.2.0_beta1
digium asterisk 1.0_rc2
digium asterisk 0.1.6
digium asterisk 0.1.8
digium asterisk 0.1.4
digium asterisk 0.3.0
digium asterisk 0.7.0
digium asterisk *
digium asterisk 0.1.7
digium asterisk 1.0.6
digium asterisk 0.4
digium asterisk 0.3
digium asterisk 0.1.10
digium asterisk 0.7.1
digium asterisk 1.0.4
digium asterisk 1.0.5
digium asterisk 0.1.0
digium asterisk 1.0_rc1
digium asterisk 0.1.3
digium asterisk 0.1.11
digium asterisk 1.0.1
digium asterisk 0.1.12
digium asterisk 1.0.7
digium asterisk 0.5.0
CVE-2006-2898 HIGH

The IAX2 channel driver (chan_iax2) for Asterisk 1.2.x before 1.2.9 and 1.0.x before 1.0.11 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via truncated IAX 2 (IAX2) video frames, which bypasses a length check and leads to a buffer overflow involving negative length check. NOTE: the vendor advisory claims that only a DoS is possible, but the original researcher is reliable.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
digium asterisk 1.0.8
digium asterisk 1.0.9
digium asterisk 1.2.0_beta2
digium asterisk 1.2.7
digium asterisk 1.2.0_beta1
digium asterisk 1.0.10
digium asterisk 1.2.6
digium asterisk 1.0.7
digium asterisk 1.2.8
CVE-2007-4103 HIGH

The IAX2 channel driver (chan_iax2) in Asterisk Open 1.2.x before 1.2.23, 1.4.x before 1.4.9, and Asterisk Appliance Developer Kit before 0.6.0, when configured to allow unauthenticated calls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of calls that do not complete a 3-way handshake, which causes an ast_channel to be allocated but not released.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-772,

Products Affected

Vendor Product Version
digium asterisk *
digium asterisk_appliance_developer_kit *
CVE-2009-2726 HIGH

The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, 1.4.x before 1.4.26.1, 1.6.0.x before 1.6.0.12, and 1.6.1.x before 1.6.1.4; Asterisk Business Edition A.x.x, B.x.x before B.2.5.9, C.2.x before C.2.4.1, and C.3.x before C.3.1; and Asterisk Appliance s800i 1.2.x before 1.3.0.3 does not use a maximum width when invoking sscanf style functions, which allows remote attackers to cause a denial of service (stack memory consumption) via SIP packets containing large sequences of ASCII decimal characters, as demonstrated via vectors related to (1) the CSeq value in a SIP header, (2) large Content-Length value, and (3) SDP.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-770,

Products Affected

Vendor Product Version
digium asterisk *
digium s800i_firmware *
CVE-2010-0685 MEDIUM

The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, when using the ${EXTEN} channel variable and wildcard pattern matches, allows context-dependent attackers to inject strings into the dialplan using metacharacters that are injected when the variable is expanded, as demonstrated using the Dial application to process a crafted SIP INVITE message that adds an unintended outgoing channel leg. NOTE: it could be argued that this is not a vulnerability in Asterisk, but a class of vulnerabilities that can occur in any program that uses this feature without the associated filtering functionality that is already available.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
digium asterisk b.2.3.1
digium asterisk 1.2.12
digium asterisk c.3.0
digium asterisk b.2.3.4
digium asterisk 1.2.30
digium asterisk 1.2.35
digium asterisk 1.2.26.2
digium asterisk 1.4.12
digium asterisk 1.4.10
digium asterisk 1.4.2
digium asterisk 1.2.30.4
digium asterisk 1.4.3
digium asterisk 1.4.8
digium asterisk 1.2.32
digium asterisk 1.4.20
digium asterisk 1.2.11
digium asterisk c.1.6.2
digium asterisk 1.2.7
digium asterisk 1.2.21
digium asterisk 1.4.21
digium asterisk 1.4.6
digium asterisk 1.2.15
digium asterisk b.1.3.2
digium asterisk 1.2.33
digium asterisk 1.4.5
digium asterisk 1.2.16
digium asterisk 1.2.3
digium asterisk c.2.3
digium asterisk b.2.3.2
digium asterisk 1.2.30.1
digium asterisk b.1.3.3
digium asterisk b.2.5.2
digium asterisk 1.2.28.1
digium asterisk 1.2.36
digium asterisk 1.2.9
digium asterisk 1.2.6
digium asterisk 1.4.0
digium asterisk 1.4.1
digium asterisk 1.2.26.1
digium asterisk b.2.5.3
digium asterisk 1.2.30.3
digium asterisk 1.4.25
digium asterisk 1.2.29
digium asterisk c.1.6
digium asterisk 1.4.4
digium asterisk 1.4.9
digium asterisk 1.4.7
digium asterisk 1.2.8
digium asterisk 1.2.31
digium asterisk 1.2.14
digium asterisk c.1.0
digium asterisk b.2.3.6
digium asterisk 1.2.30.2
digium asterisk 1.4.23
digium asterisk 1.4.24
digium asterisk 1.2.28
digium asterisk 1.2.12.1
digium asterisk 1.2.34
digium asterisk 1.2.2
digium asterisk 1.4.17
digium asterisk b.2.5.0
digium asterisk c.1.6.1
digium asterisk 1.2.13
digium asterisk 1.4.18
digium asterisk b.2.2.1
digium asterisk 1.2.0
digium asterisk 1.2.26
digium asterisk 1.4.13
digium asterisk 1.2.19
digium asterisk 1.2.17
digium asterisk 1.4.22
digium asterisk 1.2.24
digium asterisk 1.4.14
digium asterisk 1.2.10
digium asterisk b.2.2.0
digium asterisk 1.2.31.1
digium asterisk 1.4.16
digium asterisk 1.2.18
digium asterisk b.2.3.3
digium asterisk 1.4.26
digium asterisk 1.2.23
digium asterisk 1.2.21.1
digium asterisk 1.4.27
digium asterisk c.1.8.1
digium asterisk 1.2.25
digium asterisk 1.2.20
digium asterisk 1.6.1
digium asterisk 1.2.22
digium asterisk 1.2.1
digium asterisk 1.4.15
digium asterisk 1.6.0
digium asterisk c.1.8.0
digium asterisk b.2.5.1
digium asterisk 1.4.11
digium asterisk 1.4.19
digium asterisk 1.2.27
digium asterisk b.2.3.5
CVE-2010-1224 MEDIUM

main/acl.c in Asterisk Open Source 1.6.0.x before 1.6.0.25, 1.6.1.x before 1.6.1.17, and 1.6.2.x before 1.6.2.5 does not properly enforce remote host access controls when CIDR notation "/0" is used in permit= and deny= configuration rules, which causes an improper arithmetic shift and might allow remote attackers to bypass ACL rules and access services from unauthorized hosts.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
digium asterisk 1.6.0.16
digium asterisk 1.6.1.2
digium asterisk 1.6.2.1
digium asterisk 1.6.0.10
digium asterisk 1.6.2.2
digium asterisk 1.6.1.16
digium asterisk 1.6.0.5
digium asterisk 1.6.1.7
digium asterisk 1.6.1.4
digium asterisk 1.6.0.23
digium asterisk 1.6.0.2
digium asterisk 1.6.1.15
digium asterisk 1.6.1.6
digium asterisk 1.6.0.18
digium asterisk 1.6.0.6
digium asterisk 1.6.0.21
digium asterisk 1.6.0.24
digium asterisk 1.6.1.12
digium asterisk 1.6.0.1
digium asterisk 1.6.1
digium asterisk 1.6.0.7
digium asterisk 1.6.0.9
digium asterisk 1.6.1.1
digium asterisk 1.6.0.8
digium asterisk 1.6.0.3
digium asterisk 1.6.2.4
digium asterisk 1.6.0.15
digium asterisk 1.6.0.17
digium asterisk 1.6.0.19
digium asterisk 1.6.0
digium asterisk 1.6.0.12
digium asterisk 1.6.1.11
digium asterisk 1.6.1.14
digium asterisk 1.6.0.20
digium asterisk 1.6.1.13
digium asterisk 1.6.0.22
digium asterisk 1.6.1.9
digium asterisk 1.6.2.3
digium asterisk 1.6.2.0
digium asterisk 1.6.0.13
digium asterisk 1.6.0.14
digium asterisk 1.6.1.5
digium asterisk 1.6.1.8
digium asterisk 1.6.1.10
CVE-2011-0495 MEDIUM

Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary code via crafted caller ID data in vectors involving the (1) SIP channel driver, (2) URIENCODE dialplan function, or (3) AGI dialplan function.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
digium asterisknow 1.5
digium asterisk *
digium s800i_firmware 1.2.0
fedoraproject fedora 14
debian debian_linux 6.0
fedoraproject fedora 13
CVE-2011-1147 MEDIUM

Multiple stack-based and heap-based buffer overflows in the (1) decode_open_type and (2) udptl_rx_packet functions in main/udptl.c in Asterisk Open Source 1.4.x before 1.4.39.2, 1.6.1.x before 1.6.1.22, 1.6.2.x before 1.6.2.16.2, and 1.8 before 1.8.2.4; Business Edition C.x.x before C.3.6.3; AsteriskNOW 1.5; and s800i (Asterisk Appliance), when T.38 support is enabled, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UDPTL packet.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
digium asterisk 1.4.31
digium asterisk 1.6.2.1
digium asterisk c.3.2.2
digium asterisk 1.6.1.16
digium asterisk 1.6.1.7
digium asterisk 1.6.1.4
digium asterisk c.3.0
digium asterisk 1.8.0
digium asterisk 1.4.26.1
digium asterisk 1.4.12
digium asterisk 1.6.2.15
digium asterisk 1.4.23.2
digium asterisk 1.4.10
digium asterisk 1.4.27.1
digium asterisk 1.6.1.17
digium asterisk 1.4.2
digium asterisk 1.6.1.19
digium asterisk 1.6.1.21
digium asterisk 1.4.3
digium asterisk 1.6.1.12
digium asterisk 1.6.1.0
digium asterisk 1.4.16.2
digium s800i *
digium asterisk 1.4.36
digium asterisk 1.4.20
digium asterisk c.1.6.2
digium asterisk 1.8.1.1
digium asterisk 1.6.1.11
digium asterisk 1.6.1.14
digium asterisk 1.6.1.13
digium asterisk 1.6.1.20
digium asterisk 1.4.21
digium asterisk 1.6.1.8
digium asterisk 1.4.33
digium asterisk c.2.3
digium asterisk 1.6.1.18
digium asterisk 1.4.26.3
digium asterisk 1.4.32
digium asterisk 1.8.2.2
digium asterisk 1.6.2.5
digium asterisk 1.4.0
digium asterisk 1.4.1
digium asterisk c.3.1.1
digium asterisk 1.4.25
digium asterisk 1.4.35
digium asterisk 1.4.28
digium asterisk 1.8.1
digium asterisk 1.4.20.1
digium asterisk 1.4.26.2
digium asterisk c.1.6
digium asterisk 1.6.2.3
digium asterisk 1.6.2.0
digium asterisk 1.4.22.1
digium asterisk 1.4.39
digium asterisk 1.6.1.10
digium asterisk 1.4.37
digium asterisknow 1.5
digium asterisk 1.4.19.2
digium asterisk c.1.0
digium asterisk 1.4.23
digium asterisk 1.4.24
digium asterisk 1.6.2.2
digium asterisk 1.4.34
digium asterisk 1.4.39.1
digium asterisk 1.8.1.2
digium asterisk 1.4.21.1
digium asterisk 1.4.38
digium asterisk 1.4.17
digium asterisk 1.6.2.6
digium asterisk c.1.6.1
digium asterisk 1.4.18
digium asterisk 1.6.1.1
digium asterisk 1.4.13
digium asterisk 1.6.2.4
digium asterisk 1.4.16.1
digium asterisk 1.8.2.1
digium asterisk 1.6.1.9
digium asterisk 1.4.29.1
digium asterisk 1.4.22
digium asterisk 1.4.14
digium asterisk 1.4.21.2
digium asterisk 1.6.1.2
digium asterisk 1.6.1.3
digium asterisk 1.4.12.1
digium asterisk 1.4.22.2
digium asterisk 1.4.16
digium asterisk 1.4.26
digium asterisk c.3.3.2
digium asterisk 1.6.1.15
digium asterisk 1.4.24.1
digium asterisk 1.6.1.6
digium asterisk 1.6.2.16
digium asterisk 1.4.27
digium asterisk c.1.8.1
digium asterisk 1.4.10.1
digium asterisk 1.6.2.16.1
digium asterisk c.3.6.2
digium asterisk 1.4.33.1
digium asterisk 1.4.23.1
digium asterisk c.3.2.3
digium asterisk 1.8.2.3
digium asterisk 1.4.15
digium asterisk 1.4.25.1
digium asterisk 1.4.29
digium asterisk c.3.1.0
digium asterisk 1.4.30
digium asterisk 1.4.19.1
digium asterisk c.1.8.0
digium asterisk 1.8.2
digium asterisk 1.4.11
digium asterisk 1.4.19
digium asterisk 1.6.1.5
CVE-2011-1174 MEDIUM

manager.c in Asterisk Open Source 1.6.1.x before 1.6.1.24, 1.6.2.x before 1.6.2.17.2, and 1.8.x before 1.8.3.2 allows remote attackers to cause a denial of service (CPU and memory consumption) via a series of manager sessions involving invalid data.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
digium asterisk 1.6.1.2
digium asterisk 1.6.2.1
digium asterisk 1.6.1.3
digium asterisk 1.6.2.2
digium asterisk 1.6.1.16
digium asterisk 1.6.1.7
digium asterisk 1.6.1.4
digium asterisk 1.8.0
digium asterisk 1.8.1.2
digium asterisk 1.6.1.18
digium asterisk 1.6.1.15
digium asterisk 1.6.2.17.1
digium asterisk 1.6.1.6
digium asterisk 1.6.2.15
digium asterisk 1.6.2.6
digium asterisk 1.8.2.2
digium asterisk 1.6.2.16
digium asterisk 1.6.2.5
digium asterisk 1.8.3.1
digium asterisk 1.6.1.22
digium asterisk 1.6.1.17
digium asterisk 1.6.2.16.1
digium asterisk 1.6.1.19
digium asterisk 1.6.1.21
digium asterisk 1.6.1.12
digium asterisk 1.6.1.0
digium asterisk 1.6.1
digium asterisk 1.6.1.1
digium asterisk 1.8.2.3
digium asterisk 1.6.2.4
digium asterisk 1.8.3
digium asterisk 1.6.1.23
digium asterisk 1.8.1
digium asterisk 1.8.1.1
digium asterisk 1.6.1.11
digium asterisk 1.6.1.14
digium asterisk 1.6.2.17
digium asterisk 1.6.1.13
digium asterisk 1.8.2.1
digium asterisk 1.6.1.9
digium asterisk 1.8.2
digium asterisk 1.6.2.3
digium asterisk 1.6.1.20
digium asterisk 1.6.2.0
digium asterisk 1.6.1.5
digium asterisk 1.6.1.8
digium asterisk 1.6.1.10
CVE-2011-1175 MEDIUM

tcptls.c in the TCP/TLS server in Asterisk Open Source 1.6.1.x before 1.6.1.23, 1.6.2.x before 1.6.2.17.1, and 1.8.x before 1.8.3.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by establishing many short TCP sessions to services that use a certain TLS API.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
digium asterisk 1.6.1.2
digium asterisk 1.6.2.1
digium asterisk 1.6.1.3
digium asterisk 1.6.2.2
digium asterisk 1.6.1.16
digium asterisk 1.6.1.7
digium asterisk 1.6.1.4
digium asterisk 1.8.0
digium asterisk 1.8.1.2
digium asterisk 1.6.1.18
digium asterisk 1.6.1.15
digium asterisk 1.6.1.6
digium asterisk 1.6.2.15
digium asterisk 1.6.2.6
digium asterisk 1.8.2.2
digium asterisk 1.6.2.16
digium asterisk 1.6.2.5
digium asterisk 1.6.1.22
digium asterisk 1.6.1.17
digium asterisk 1.6.2.16.1
digium asterisk 1.6.1.19
digium asterisk 1.6.1.21
digium asterisk 1.6.1.12
digium asterisk 1.6.1.0
digium asterisk 1.6.1
digium asterisk 1.6.1.1
digium asterisk 1.8.2.3
digium asterisk 1.6.2.4
digium asterisk 1.8.3
digium asterisk 1.8.1
digium asterisk 1.8.1.1
digium asterisk 1.6.1.11
digium asterisk 1.6.1.14
digium asterisk 1.6.2.17
digium asterisk 1.6.1.13
digium asterisk 1.8.2.1
digium asterisk 1.6.1.9
digium asterisk 1.8.2
digium asterisk 1.6.2.3
digium asterisk 1.6.1.20
digium asterisk 1.6.2.0
digium asterisk 1.6.1.5
digium asterisk 1.6.1.8
digium asterisk 1.6.1.10
CVE-2011-1507 MEDIUM

Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 do not restrict the number of unauthenticated sessions to certain interfaces, which allows remote attackers to cause a denial of service (file descriptor exhaustion and disk space exhaustion) via a series of TCP connections.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
digium asterisk 1.4.31
digium asterisk 1.6.2.1
digium asterisk c.3.2.2
digium asterisk 1.6.1.16
digium asterisk 1.6.1.7
digium asterisk 1.6.1.4
digium asterisk c.3.0
digium asterisk 1.8.0
digium asterisk 1.4.26.1
digium asterisk 1.4.12
digium asterisk 1.6.2.15
digium asterisk 1.4.23.2
digium asterisk 1.4.10
digium asterisk 1.4.27.1
digium asterisk 1.6.1.17
digium asterisk 1.4.2
digium asterisk 1.6.1.19
digium asterisk 1.6.1.21
digium asterisk 1.4.3
digium asterisk 1.6.1.12
digium asterisk 1.6.1.0
digium asterisk 1.4.16.2
digium asterisk 1.4.36
digium asterisk 1.4.20
digium asterisk 1.8.3
digium asterisk c.1.6.2
digium asterisk 1.8.1.1
digium asterisk 1.8.3.2
digium asterisk 1.6.1.11
digium asterisk 1.6.1.14
digium asterisk 1.6.1.13
digium asterisk 1.6.1.20
digium asterisk 1.6.1.24
digium asterisk 1.4.21
digium asterisk 1.6.1.8
digium asterisk 1.6.2.17.2
digium asterisk 1.4.33
digium asterisk c.2.3
digium asterisk 1.6.1.18
digium asterisk 1.4.26.3
digium asterisk 1.4.32
digium asterisk 1.8.2.2
digium asterisk 1.6.2.5
digium asterisk 1.4.40
digium asterisk 1.4.0
digium asterisk 1.4.1
digium asterisk c.3.1.1
digium asterisk 1.4.25
digium asterisk 1.4.35
digium asterisk 1.4.28
digium asterisk 1.8.1
digium asterisk 1.4.39.2
digium asterisk 1.4.20.1
digium asterisk 1.4.26.2
digium asterisk c.1.6
digium asterisk 1.6.2.3
digium asterisk 1.6.2.0
digium asterisk 1.4.22.1
digium asterisk 1.4.39
digium asterisk 1.6.1.10
digium asterisk 1.4.37
digium asterisk 1.4.19.2
digium asterisk c.1.0
digium asterisk 1.4.23
digium asterisk 1.4.24
digium asterisk 1.6.2.2
digium asterisk 1.4.34
digium asterisk 1.4.39.1
digium asterisk 1.8.1.2
digium asterisk 1.4.21.1
digium asterisk 1.4.38
digium asterisk 1.4.17
digium asterisk 1.6.2.6
digium asterisk c.1.6.1
digium asterisk 1.8.3.1
digium asterisk 1.6.1.22
digium asterisk 1.4.18
digium asterisk 1.6.1.1
digium asterisk 1.4.13
digium asterisk 1.8.2.4
digium asterisk 1.6.2.4
digium asterisk 1.4.16.1
digium asterisk 1.6.1.23
digium asterisk 1.6.2.17
digium asterisk 1.6.2.16.2
digium asterisk 1.8.2.1
digium asterisk 1.6.1.9
digium asterisk 1.4.29.1
digium asterisk 1.4.22
digium asterisk 1.4.14
digium asterisk 1.4.21.2
digium asterisk 1.6.1.2
digium asterisk 1.6.1.3
digium asterisk 1.4.12.1
digium asterisk 1.4.22.2
digium asterisk 1.4.16
digium asterisk 1.4.26
digium asterisk c.3.3.2
digium asterisk 1.6.1.15
digium asterisk 1.4.24.1
digium asterisk 1.6.2.17.1
digium asterisk 1.6.1.6
digium asterisk 1.6.2.16
digium asterisk 1.4.27
digium asterisk c.1.8.1
digium asterisk 1.4.10.1
digium asterisk 1.6.2.16.1
digium asterisk c.3.6.2
digium asterisk 1.4.33.1
digium asterisk 1.4.23.1
digium asterisk c.3.2.3
digium asterisk 1.8.2.3
digium asterisk 1.4.15
digium asterisk 1.4.25.1
digium asterisk 1.4.29
digium asterisk c.3.1.0
digium asterisk 1.4.30
digium asterisk 1.4.19.1
digium asterisk c.1.8.0
digium asterisk 1.8.2
digium asterisk 1.4.11
digium asterisk 1.4.19
digium asterisk 1.6.1.5
CVE-2011-1599 HIGH

manager.c in the Manager Interface in Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 does not properly check for the system privilege, which allows remote authenticated users to execute arbitrary commands via an Originate action that has an Async header in conjunction with an Application header.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
digium asterisk 1.4.31
digium asterisk 1.6.2.1
digium asterisk c.3.2.2
digium asterisk 1.6.1.16
digium asterisk 1.6.1.7
digium asterisk 1.6.1.4
digium asterisk c.3.0
digium asterisk 1.8.0
digium asterisk 1.4.26.1
digium asterisk 1.4.12
digium asterisk 1.6.2.15
digium asterisk 1.4.23.2
digium asterisk 1.4.10
digium asterisk 1.4.27.1
digium asterisk 1.6.1.17
digium asterisk 1.4.2
digium asterisk 1.6.1.19
digium asterisk 1.6.1.21
digium asterisk 1.4.3
digium asterisk 1.6.1.12
digium asterisk 1.6.1.0
digium asterisk 1.4.16.2
digium asterisk 1.4.36
digium asterisk 1.4.20
digium asterisk 1.8.3
digium asterisk c.1.6.2
digium asterisk 1.8.1.1
digium asterisk 1.8.3.2
digium asterisk 1.6.1.11
digium asterisk 1.6.1.14
digium asterisk 1.6.1.13
digium asterisk 1.6.1.20
digium asterisk 1.6.1.24
digium asterisk 1.4.21
digium asterisk 1.6.1.8
digium asterisk 1.6.2.17.2
digium asterisk 1.4.33
digium asterisk c.2.3
digium asterisk 1.6.1.18
digium asterisk 1.4.26.3
digium asterisk 1.4.32
digium asterisk 1.8.2.2
digium asterisk 1.6.2.5
digium asterisk 1.4.40
digium asterisk 1.4.0
digium asterisk 1.4.1
digium asterisk c.3.1.1
digium asterisk 1.4.25
digium asterisk 1.4.35
digium asterisk 1.4.28
digium asterisk 1.8.1
digium asterisk 1.4.39.2
digium asterisk 1.4.20.1
digium asterisk 1.4.26.2
digium asterisk c.1.6
digium asterisk 1.6.2.3
digium asterisk 1.6.2.0
digium asterisk 1.4.22.1
digium asterisk 1.4.39
digium asterisk 1.6.1.10
digium asterisk 1.4.37
digium asterisk 1.4.19.2
digium asterisk c.1.0
digium asterisk 1.4.23
digium asterisk 1.4.24
digium asterisk 1.6.2.2
digium asterisk 1.4.34
digium asterisk 1.4.39.1
digium asterisk 1.8.1.2
digium asterisk 1.4.21.1
digium asterisk 1.4.38
digium asterisk 1.4.17
digium asterisk 1.6.2.6
digium asterisk c.1.6.1
digium asterisk 1.8.3.1
digium asterisk 1.6.1.22
digium asterisk 1.4.18
digium asterisk 1.6.1.1
digium asterisk 1.4.13
digium asterisk 1.8.2.4
digium asterisk 1.6.2.4
digium asterisk 1.4.16.1
digium asterisk 1.6.1.23
digium asterisk 1.6.2.17
digium asterisk 1.6.2.16.2
digium asterisk 1.8.2.1
digium asterisk 1.6.1.9
digium asterisk 1.4.29.1
digium asterisk 1.4.22
digium asterisk 1.4.14
digium asterisk 1.4.21.2
digium asterisk 1.6.1.2
digium asterisk 1.6.1.3
digium asterisk 1.4.12.1
digium asterisk 1.4.22.2
digium asterisk 1.4.16
digium asterisk 1.4.26
digium asterisk c.3.3.2
digium asterisk 1.6.1.15
digium asterisk 1.4.24.1
digium asterisk 1.6.2.17.1
digium asterisk 1.6.1.6
digium asterisk 1.6.2.16
digium asterisk 1.4.27
digium asterisk c.1.8.1
digium asterisk 1.4.10.1
digium asterisk 1.6.2.16.1
digium asterisk c.3.6.2
digium asterisk 1.4.33.1
digium asterisk 1.4.23.1
digium asterisk c.3.2.3
digium asterisk 1.8.2.3
digium asterisk 1.4.15
digium asterisk 1.4.25.1
digium asterisk 1.4.29
digium asterisk c.3.1.0
digium asterisk 1.4.30
digium asterisk 1.4.19.1
digium asterisk c.1.8.0
digium asterisk 1.8.2
digium asterisk 1.4.11
digium asterisk 1.4.19
digium asterisk 1.6.1.5
CVE-2011-2216 MEDIUM

reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.4.2 does not initialize certain strings, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed Contact header.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
digium asterisk 1.8.4
digium asterisk 1.8.2.3
digium asterisk 1.8.4.1
digium asterisk 1.8.2.4
digium asterisk 1.8.3
digium asterisk 1.8.0
digium asterisk 1.8.1.2
digium asterisk 1.8.3.3
digium asterisk 1.8.1
digium asterisk 1.8.1.1
digium asterisk 1.8.3.2
digium asterisk 1.8.2.1
digium asterisk 1.8.2.2
digium asterisk 1.8.2
digium asterisk 1.8.3.1
CVE-2011-2529 MEDIUM

chan_sip.c in the SIP channel driver in Asterisk Open Source 1.6.x before 1.6.2.18.1 and 1.8.x before 1.8.4.3 does not properly handle '\0' characters in SIP packets, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted packet.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
digium asterisk 1.6.0.16
digium asterisk 1.6.2.1
digium asterisk 1.6.2.2
digium asterisk 1.6.1.16
digium asterisk 1.8.4
digium asterisk 1.6.0.5
digium asterisk 1.6.1.7
digium asterisk 1.6.1.4
digium asterisk 1.6.0.2
digium asterisk 1.8.0
digium asterisk 1.8.1.2
digium asterisk 1.6.2.15
digium asterisk 1.6.2.6
digium asterisk 1.8.3.1
digium asterisk 1.6.1.22
digium asterisk 1.6.0.21
digium asterisk 1.6.1.17
digium asterisk 1.6.0.24
digium asterisk 1.6.1.19
digium asterisk 1.6.1.21
digium asterisk 1.6.1.12
digium asterisk 1.6.1.0
digium asterisk 1.6.1.1
digium asterisk 1.6.2.17.3
digium asterisk 1.6.0.8
digium asterisk 1.8.4.1
digium asterisk 1.6.0.3
digium asterisk 1.8.2.4
digium asterisk 1.6.2.4
digium asterisk 1.8.3
digium asterisk 1.6.0.17
digium asterisk 1.8.3.3
digium asterisk 1.6.0.19
digium asterisk 1.6.1.23
digium asterisk 1.8.1.1
digium asterisk 1.8.3.2
digium asterisk 1.6.1.11
digium asterisk 1.6.1.14
digium asterisk 1.6.2.17
digium asterisk 1.6.0.20
digium asterisk 1.6.1.13
digium asterisk 1.6.2.16.2
digium asterisk 1.8.2.1
digium asterisk 1.6.1.9
digium asterisk 1.6.1.20
digium asterisk 1.6.1.24
digium asterisk 1.6.0.13
digium asterisk 1.6.1.8
digium asterisk 1.6.2.17.2
digium asterisk 1.6.0.25
digium asterisk 1.6.2.18
digium asterisk 1.8.4.2
digium asterisk 1.6.1.2
digium asterisk 1.6.1.3
digium asterisk 1.6.0.10
digium asterisk 1.6.0.23
digium asterisk 1.6.1.18
digium asterisk 1.6.1.15
digium asterisk 1.6.2.17.1
digium asterisk 1.6.1.6
digium asterisk 1.8.2.2
digium asterisk 1.6.2.16
digium asterisk 1.6.0.18
digium asterisk 1.6.2.5
digium asterisk 1.6.0.6
digium asterisk 1.6.2.16.1
digium asterisk 1.6.0.1
digium asterisk 1.6.1
digium asterisk 1.6.0.7
digium asterisk 1.6.0.11
digium asterisk 1.6.0.26
digium asterisk 1.6.0.4
digium asterisk 1.6.0.9
digium asterisk 1.8.2.3
digium asterisk 1.6.0.15
digium asterisk 1.6.0
digium asterisk 1.6.0.12
digium asterisk 1.8.1
digium asterisk 1.6.0.22
digium asterisk 1.8.2
digium asterisk 1.6.2.3
digium asterisk 1.6.2.0
digium asterisk 1.6.0.14
digium asterisk 1.6.1.5
digium asterisk 1.6.1.10
CVE-2011-2535 MEDIUM

chan_iax2.c in the IAX2 channel driver in Asterisk Open Source 1.4.x before 1.4.41.1, 1.6.2.x before 1.6.2.18.1, and 1.8.x before 1.8.4.3, and Asterisk Business Edition C.3 before C.3.7.3, accesses a memory address contained in an option control frame, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a crafted frame.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
digium asterisk 1.4.40.1
digium asterisk 1.4.31
digium asterisk 1.6.2.1
digium asterisk c.3.2.2
digium asterisk c.3.0
digium asterisk 1.8.0
digium asterisk 1.4.26.1
digium asterisk 1.4.12
digium asterisk 1.6.2.15
digium asterisk 1.4.23.2
digium asterisk 1.4.10
digium asterisk 1.4.27.1
digium asterisk 1.4.2
digium asterisk 1.4.3
digium asterisk 1.4.16.2
digium asterisk 1.4.36
digium asterisk 1.4.8
digium asterisk 1.4.20
digium asterisk 1.8.3
digium asterisk 1.8.1.1
digium asterisk 1.8.3.2
digium asterisk 1.4.21
digium asterisk 1.4.7.1
digium asterisk 1.4.6
digium asterisk 1.6.2.17.2
digium asterisk 1.4.5
digium asterisk 1.4.33
digium asterisk 1.4.26.3
digium asterisk 1.4.32
digium asterisk 1.8.2.2
digium asterisk 1.6.2.5
digium asterisk 1.4.40
digium asterisk 1.4.0
digium asterisk 1.4.1
digium asterisk c.3.1.1
digium asterisk 1.4.25
digium asterisk 1.4.35
digium asterisk 1.4.28
digium asterisk 1.4.40.2
digium asterisk 1.8.1
digium asterisk 1.4.39.2
digium asterisk 1.4.20.1
digium asterisk 1.4.26.2
digium asterisk 1.6.2.3
digium asterisk 1.6.2.0
digium asterisk 1.4.22.1
digium asterisk 1.4.4
digium asterisk 1.4.9
digium asterisk 1.4.39
digium asterisk 1.4.7
digium asterisk 1.4.41
digium asterisk 1.4.37
digium asterisk 1.4.19.2
digium asterisk 1.4.23
digium asterisk 1.4.24
digium asterisk 1.6.2.2
digium asterisk 1.8.4
digium asterisk 1.4.34
digium asterisk 1.4.39.1
digium asterisk 1.8.1.2
digium asterisk 1.4.21.1
digium asterisk 1.4.38
digium asterisk 1.4.17
digium asterisk 1.6.2.6
digium asterisk c.3.6.4
digium asterisk 1.8.3.1
digium asterisk 1.4.18
digium asterisk 1.6.2.17.3
digium asterisk 1.4.13
digium asterisk 1.8.4.1
digium asterisk 1.8.2.4
digium asterisk 1.6.2.4
digium asterisk 1.8.3.3
digium asterisk 1.4.16.1
digium asterisk 1.6.2.17
digium asterisk 1.6.2.16.2
digium asterisk 1.8.2.1
digium asterisk 1.4.29.1
digium asterisk 1.4.22
digium asterisk 1.4.14
digium asterisk 1.6.2.18
digium asterisk 1.4.21.2
digium asterisk 1.8.4.2
digium asterisk 1.4.12.1
digium asterisk 1.4.22.2
digium asterisk 1.4.16
digium asterisk 1.4.26
digium asterisk c.3.3.2
digium asterisk 1.4.24.1
digium asterisk 1.6.2.17.1
digium asterisk 1.6.2.16
digium asterisk 1.4.27
digium asterisk 1.4.10.1
digium asterisk 1.6.2.16.1
digium asterisk c.3.6.2
digium asterisk 1.4.33.1
digium asterisk 1.4.23.1
digium asterisk c.3.2.3
digium asterisk c.3.6.3
digium asterisk 1.8.2.3
digium asterisk 1.4.15
digium asterisk 1.4.25.1
digium asterisk 1.4.29
digium asterisk c.3.1.0
digium asterisk 1.4.30
digium asterisk 1.4.19.1
digium asterisk 1.8.2
digium asterisk 1.4.11
digium asterisk 1.4.19
CVE-2011-2536 MEDIUM

chan_sip.c in the SIP channel driver in Asterisk Open Source 1.4.x before 1.4.41.2, 1.6.2.x before 1.6.2.18.2, and 1.8.x before 1.8.4.4, and Asterisk Business Edition C.3.x before C.3.7.3, disregards the alwaysauthreject option and generates different responses for invalid SIP requests depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of requests.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
digium asterisk 1.4.40.1
digium asterisk 1.4.31
digium asterisk 1.6.2.1
digium asterisk c.3.2.2
digium asterisk c.3.0
digium asterisk 1.8.0
digium asterisk 1.4.26.1
digium asterisk 1.4.12
digium asterisk 1.6.2.15
digium asterisk 1.4.23.2
digium asterisk 1.4.10
digium asterisk 1.4.27.1
digium asterisk 1.4.2
digium asterisk 1.4.3
digium asterisk 1.4.16.2
digium asterisk 1.4.36
digium asterisk 1.4.8
digium asterisk 1.4.20
digium asterisk 1.8.3
digium asterisk 1.4.41.1
digium asterisk 1.8.1.1
digium asterisk 1.8.3.2
digium asterisk 1.4.21
digium asterisk 1.4.7.1
digium asterisk 1.4.6
digium asterisk 1.6.2.17.2
digium asterisk 1.4.5
digium asterisk 1.4.33
digium asterisk 1.4.26.3
digium asterisk 1.4.32
digium asterisk 1.8.2.2
digium asterisk 1.6.2.5
digium asterisk 1.4.40
digium asterisk 1.4.0
digium asterisk 1.4.1
digium asterisk c.3.1.1
digium asterisk 1.4.25
digium asterisk 1.4.35
digium asterisk 1.4.28
digium asterisk 1.4.40.2
digium asterisk 1.6.2.18.1
digium asterisk 1.8.1
digium asterisk 1.4.39.2
digium asterisk 1.4.20.1
digium asterisk 1.4.26.2
digium asterisk 1.6.2.3
digium asterisk 1.6.2.0
digium asterisk 1.4.22.1
digium asterisk 1.4.4
digium asterisk 1.4.9
digium asterisk 1.4.39
digium asterisk 1.4.7
digium asterisk 1.4.41
digium asterisk 1.4.37
digium asterisk 1.4.19.2
digium asterisk 1.4.23
digium asterisk 1.4.24
digium asterisk 1.6.2.2
digium asterisk 1.8.4
digium asterisk 1.4.34
digium asterisk 1.4.39.1
digium asterisk 1.8.1.2
digium asterisk 1.4.21.1
digium asterisk 1.4.38
digium asterisk 1.4.17
digium asterisk 1.6.2.6
digium asterisk c.3.6.4
digium asterisk 1.8.3.1
digium asterisk 1.4.18
digium asterisk 1.6.2.17.3
digium asterisk 1.4.13
digium asterisk 1.8.4.1
digium asterisk 1.8.2.4
digium asterisk 1.6.2.4
digium asterisk 1.8.3.3
digium asterisk 1.4.16.1
digium asterisk 1.6.2.17
digium asterisk 1.6.2.16.2
digium asterisk 1.8.2.1
digium asterisk 1.4.29.1
digium asterisk 1.4.22
digium asterisk 1.4.14
digium asterisk 1.6.2.18
digium asterisk 1.4.21.2
digium asterisk 1.8.4.2
digium asterisk 1.4.12.1
digium asterisk 1.4.22.2
digium asterisk 1.4.16
digium asterisk 1.4.26
digium asterisk c.3.3.2
digium asterisk 1.4.24.1
digium asterisk 1.6.2.17.1
digium asterisk 1.6.2.16
digium asterisk 1.4.27
digium asterisk 1.4.10.1
digium asterisk 1.6.2.16.1
digium asterisk 1.8.4.3
digium asterisk c.3.6.2
digium asterisk 1.4.33.1
digium asterisk 1.4.23.1
digium asterisk c.3.2.3
digium asterisk c.3.6.3
digium asterisk 1.8.2.3
digium asterisk 1.4.15
digium asterisk 1.4.25.1
digium asterisk 1.4.29
digium asterisk c.3.1.0
digium asterisk 1.4.30
digium asterisk 1.4.19.1
digium asterisk 1.8.2
digium asterisk 1.4.11
digium asterisk 1.4.19
CVE-2011-2665 MEDIUM

reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.4.3 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a SIP packet with a Contact header that lacks a < (less than) character.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
digium asterisk 1.8.4.2
digium asterisk 1.8.4
digium asterisk 1.8.2.3
digium asterisk 1.8.4.1
digium asterisk 1.8.2.4
digium asterisk 1.8.3
digium asterisk 1.8.0
digium asterisk 1.8.1.2
digium asterisk 1.8.3.3
digium asterisk 1.8.1
digium asterisk 1.8.1.1
digium asterisk 1.8.3.2
digium asterisk 1.8.2.1
digium asterisk 1.8.2.2
digium asterisk 1.8.2
digium asterisk 1.8.3.1
CVE-2011-2666 MEDIUM

The default configuration of the SIP channel driver in Asterisk Open Source 1.4.x through 1.4.41.2 and 1.6.2.x through 1.6.2.18.2 does not enable the alwaysauthreject option, which allows remote attackers to enumerate account names by making a series of invalid SIP requests and observing the differences in the responses for different usernames, a different vulnerability than CVE-2011-2536.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-16,

Products Affected

Vendor Product Version
digium asterisk 1.4.37
digium asterisk 1.4.40.1
digium asterisk 1.4.19.2
digium asterisk 1.4.31
digium asterisk 1.4.23
digium asterisk 1.4.24
digium asterisk 1.6.2.1
digium asterisk 1.6.2.2
digium asterisk 1.4.34
digium asterisk 1.4.39.1
digium asterisk 1.4.21.1
digium asterisk 1.4.26.1
digium asterisk 1.4.38
digium asterisk 1.4.12
digium asterisk 1.4.17
digium asterisk 1.6.2.15
digium asterisk 1.6.2.6
digium asterisk 1.4.23.2
digium asterisk 1.4.10
digium asterisk 1.4.27.1
digium asterisk 1.4.18
digium asterisk 1.4.2
digium asterisk 1.4.3
digium asterisk 1.4.16.2
digium asterisk 1.4.36
digium asterisk 1.4.8
digium asterisk 1.6.2.17.3
digium asterisk 1.4.13
digium asterisk 1.4.20
digium asterisk 1.6.2.4
digium asterisk 1.4.16.1
digium asterisk 1.4.41.1
digium asterisk 1.6.2.17
digium asterisk 1.6.2.16.2
digium asterisk 1.6.2.18.2
digium asterisk 1.4.29.1
digium asterisk 1.4.21
digium asterisk 1.4.7.1
digium asterisk 1.4.22
digium asterisk 1.4.6
digium asterisk 1.4.14
digium asterisk 1.6.2.17.2
digium asterisk 1.4.5
digium asterisk 1.6.2.18
digium asterisk 1.4.21.2
digium asterisk 1.4.33
digium asterisk 1.4.12.1
digium asterisk 1.4.22.2
digium asterisk 1.4.16
digium asterisk 1.4.26
digium asterisk 1.4.24.1
digium asterisk 1.4.26.3
digium asterisk 1.6.2.17.1
digium asterisk 1.4.32
digium asterisk 1.6.2.16
digium asterisk 1.4.27
digium asterisk 1.6.2.5
digium asterisk 1.4.10.1
digium asterisk 1.4.40
digium asterisk 1.6.2.16.1
digium asterisk 1.4.0
digium asterisk 1.4.1
digium asterisk 1.4.25
digium asterisk 1.4.33.1
digium asterisk 1.4.35
digium asterisk 1.4.23.1
digium asterisk 1.4.28
digium asterisk 1.4.40.2
digium asterisk 1.4.15
digium asterisk 1.4.25.1
digium asterisk 1.4.29
digium asterisk 1.6.2.18.1
digium asterisk 1.4.30
digium asterisk 1.4.19.1
digium asterisk 1.4.39.2
digium asterisk 1.4.20.1
digium asterisk 1.4.26.2
digium asterisk 1.6.2.3
digium asterisk 1.4.41.2
digium asterisk 1.6.2.0
digium asterisk 1.4.22.1
digium asterisk 1.4.4
digium asterisk 1.4.9
digium asterisk 1.4.39
digium asterisk 1.4.7
digium asterisk 1.4.11
digium asterisk 1.4.19
digium asterisk 1.4.41
CVE-2011-4597 MEDIUM

The SIP over UDP implementation in Asterisk Open Source 1.4.x before 1.4.43, 1.6.x before 1.6.2.21, and 1.8.x before 1.8.7.2 uses different port numbers for responses to invalid requests depending on whether a SIP username exists, which allows remote attackers to enumerate usernames via a series of requests.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
digium asterisk 1.4.40.1
digium asterisk 1.4.31
digium asterisk 1.6.2.1
digium asterisk 1.6.2.19
digium asterisk 1.8.0
digium asterisk 1.4.26.1
digium asterisk 1.4.12
digium asterisk 1.6.2.15
digium asterisk 1.4.23.2
digium asterisk 1.4.10
digium asterisk 1.4.27.1
digium asterisk 1.4.2
digium asterisk 1.4.3
digium asterisk 1.4.16.2
digium asterisk 1.8.6.0
digium asterisk 1.4.36
digium asterisk 1.4.8
digium asterisk 1.4.20
digium asterisk 1.4.42
digium asterisk 1.8.3
digium asterisk 1.4.41.1
digium asterisk 1.8.1.1
digium asterisk 1.8.3.2
digium asterisk 1.4.21
digium asterisk 1.4.7.1
digium asterisk 1.4.6
digium asterisk 1.6.2.21
digium asterisk 1.6.2.17.2
digium asterisk 1.4.5
digium asterisk 1.8.4.4
digium asterisk 1.4.33
digium asterisk 1.4.26.3
digium asterisk 1.4.32
digium asterisk 1.8.2.2
digium asterisk 1.6.2.5
digium asterisk 1.8.5.0
digium asterisk 1.4.40
digium asterisk 1.6.2.20
digium asterisk 1.4.0
digium asterisk 1.4.1
digium asterisk 1.4.25
digium asterisk 1.4.35
digium asterisk 1.4.28
digium asterisk 1.4.40.2
digium asterisk 1.8.1
digium asterisk 1.4.39.2
digium asterisk 1.4.20.1
digium asterisk 1.4.26.2
digium asterisk 1.6.2.3
digium asterisk 1.6.2.0
digium asterisk 1.4.22.1
digium asterisk 1.4.4
digium asterisk 1.4.9
digium asterisk 1.4.39
digium asterisk 1.4.7
digium asterisk 1.4.41
digium asterisk 1.4.37
digium asterisk 1.4.19.2
digium asterisk 1.4.23
digium asterisk 1.4.24
digium asterisk 1.6.2.2
digium asterisk 1.8.4
digium asterisk 1.4.34
digium asterisk 1.4.39.1
digium asterisk 1.8.1.2
digium asterisk 1.4.21.1
digium asterisk 1.4.38
digium asterisk 1.4.17
digium asterisk 1.6.2.6
digium asterisk 1.8.3.1
digium asterisk 1.4.18
digium asterisk 1.8.7.0
digium asterisk 1.6.2.17.3
digium asterisk 1.4.13
digium asterisk 1.8.4.1
digium asterisk 1.8.2.4
digium asterisk 1.6.2.4
digium asterisk 1.8.3.3
digium asterisk 1.4.16.1
digium asterisk 1.6.2.17
digium asterisk 1.8.5
digium asterisk 1.6.2.16.2
digium asterisk 1.8.2.1
digium asterisk 1.4.29.1
digium asterisk 1.8.7.1
digium asterisk 1.4.22
digium asterisk 1.4.14
digium asterisk 1.6.2.18
digium asterisk 1.4.21.2
digium asterisk 1.8.4.2
digium asterisk 1.4.12.1
digium asterisk 1.4.22.2
digium asterisk 1.4.16
digium asterisk 1.4.26
digium asterisk 1.4.24.1
digium asterisk 1.6.2.17.1
digium asterisk 1.6.2.16
digium asterisk 1.4.27
digium asterisk 1.4.10.1
digium asterisk 1.6.2.16.1
digium asterisk 1.8.4.3
digium asterisk 1.4.33.1
digium asterisk 1.4.23.1
digium asterisk 1.8.2.3
digium asterisk 1.4.15
digium asterisk 1.4.25.1
digium asterisk 1.4.29
digium asterisk 1.4.30
digium asterisk 1.4.19.1
digium asterisk 1.8.2
digium asterisk 1.4.41.2
digium asterisk 1.4.11
digium asterisk 1.4.19
CVE-2011-4598 MEDIUM

The handle_request_info function in channels/chan_sip.c in Asterisk Open Source 1.6.2.x before 1.6.2.21 and 1.8.x before 1.8.7.2, when automon is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted sequence of SIP requests.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
digium asterisk 1.6.2.18
digium asterisk 1.8.4.2
digium asterisk 1.8.4.4
digium asterisk 1.6.2.1
digium asterisk 1.6.2.2
digium asterisk 1.8.4
digium asterisk 1.6.2.19
digium asterisk 1.8.0
digium asterisk 1.8.1.2
digium asterisk 1.6.2.17.1
digium asterisk 1.6.2.15
digium asterisk 1.6.2.6
digium asterisk 1.8.2.2
digium asterisk 1.6.2.16
digium asterisk 1.6.2.5
digium asterisk 1.8.3.1
digium asterisk 1.8.5.0
digium asterisk 1.6.2.20
digium asterisk 1.6.2.16.1
digium asterisk 1.8.4.3
digium asterisk 1.8.7.0
digium asterisk 1.8.6.0
digium asterisk 1.6.2.17.3
digium asterisk 1.8.2.3
digium asterisk 1.8.4.1
digium asterisk 1.8.2.4
digium asterisk 1.6.2.4
digium asterisk 1.8.3
digium asterisk 1.8.3.3
digium asterisk 1.8.1
digium asterisk 1.8.1.1
digium asterisk 1.8.3.2
digium asterisk 1.6.2.17
digium asterisk 1.8.5
digium asterisk 1.6.2.16.2
digium asterisk 1.8.2.1
digium asterisk 1.8.2
digium asterisk 1.6.2.3
digium asterisk 1.8.7.1
digium asterisk 1.6.2.0
digium asterisk 1.6.2.21
digium asterisk 1.6.2.17.2
CVE-2012-2947 LOW

chan_iax2.c in the IAX2 channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1, when a certain mohinterpret setting is enabled, allows remote attackers to cause a denial of service (daemon crash) by placing a call on hold.

CVSS 2.0

Severity: LOW

Problem Type: CWE-284,

Products Affected

Vendor Product Version
digium asterisk 10.0.1
digium asterisk 1.8.10.0
digium asterisk 1.8.4
digium asterisk 10.4.0
digium asterisk 1.8.8.1
digium asterisk 1.8.0
digium asterisk 1.8.1.2
digium asterisk 10.2.0
digium asterisk 1.8.9.0
digium asterisk 1.8.3.1
digium asterisk 1.8.10.1
digium asterisk 1.8.7.0
digium asterisk 1.8.11.1
digium asterisk 1.8.8.2
digium asterisk 1.8.6.0
digium asterisk 10.3.0
digium asterisk 1.8.9.1
digium asterisk 1.8.4.1
digium asterisk 1.8.2.4
digium asterisk 1.8.3
digium asterisk 1.8.3.3
digium asterisk 1.8.11.0
digium asterisk 1.8.1.1
digium asterisk 1.8.3.2
digium asterisk 1.8.5
digium asterisk 1.8.2.1
digium asterisk 1.8.7.1
digium asterisk 1.8.12
digium asterisk 10.0.0
digium asterisk 1.8.4.2
digium asterisk 1.8.4.4
digium asterisk 1.8.8.0
digium asterisk 1.8.9.3
debian debian_linux 6.0
digium asterisk 10.3.1
digium asterisk 10.1.0
digium asterisk 1.8.2.2
digium asterisk 1.8.9.2
digium asterisk 1.8.5.0
digium asterisk 1.8.12.0
digium asterisk 1.8.4.3
digium asterisk 10.1.2
digium asterisk 1.8.2.3
digium certified_asterisk 1.8.11
digium asterisk 1.8.1
digium asterisk 10.1.1
digium asterisk 10.1.3
digium asterisk 1.8.2
digium asterisk 10.2.1
CVE-2012-3553 MEDIUM

chan_skinny.c in the Skinny (aka SCCP) channel driver in Asterisk Open Source 10.x before 10.5.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by sending a Station Key Pad Button message and closing a connection in off-hook mode, a related issue to CVE-2012-2948.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
digium asterisk 10.4.1
digium asterisk 10.0.1
digium asterisk 10.3.0
digium asterisk 10.1.2
digium asterisk 10.4.0
digium asterisk 10.3.1
digium asterisk 10.5.0
digium asterisk 10.1.0
digium asterisk 10.2.0
digium asterisk 10.1.1
digium asterisk 10.1.3
digium asterisk 10.4.2
digium asterisk 10.2.1
digium asterisk 10.0.0
CVE-2012-3812 MEDIUM

Double free vulnerability in apps/app_voicemail.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones allows remote authenticated users to cause a denial of service (daemon crash) by establishing multiple voicemail sessions and accessing both the Urgent mailbox and the INBOX mailbox.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
digium asterisk 10.4.1
digium asterisk 10.0.1
digium asterisk 1.8.4
digium asterisk 10.4.0
digium asterisk 1.8.8.1
digium asterisk 10.5.0
digium asterisk 1.8.0
digium asterisk 1.8.1.2
digium asterisk 10.2.0
digium asterisk 10.4.2
digium asterisk 1.8.13.0
digium asterisk 1.8.9.0
digium asterisk 1.8.3.1
digium asterisk 1.8.7.0
digium asterisk 1.8.11.1
digium asterisk 1.8.8.2
digium asterisk 1.8.6.0
digium asterisk 10.3.0
digium asterisk 1.8.4.1
digium asterisk 1.8.2.4
digium asterisk 1.8.3
digium asterisk 1.8.3.3
digium asterisk 1.8.11.0
digium asterisk 1.8.1.1
digium asterisk 1.8.3.2
digium asterisk 1.8.5
digium asterisk 1.8.2.1
digium asteriske 1.8.9.1
digium asterisk 1.8.7.1
digium asterisk 10.0.0
digium asterisk 1.8.4.2
digium asterisk 1.8.4.4
digium asterisk 1.8.8.0
digium asterisk 1.8.9.3
digium asterisk 10.3.1
digium asterisk 10.1.0
digium asterisk 1.8.2.2
digium asterisk 1.8.9.2
digium asterisk 1.8.5.0
digium asterisk 1.8.4.3
digium asteriske 1.8.8.0
digium asterisk 10.1.2
digium asterisk 1.8.2.3
digium certified_asterisk 1.8.11
digium asterisk 1.8.1
digium asterisk 10.1.1
digium asterisk 10.1.3
digium asterisk 10.5.1
digium asterisk 1.8.2
digium asterisk 10.2.1
CVE-2012-3863 MEDIUM

channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Asterisk Business Edition C.3.x before C.3.7.5, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones does not properly handle a provisional response to a SIP reINVITE request, which allows remote authenticated users to cause a denial of service (RTP port exhaustion) via sessions that lack final responses.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
digium asterisk 10.4.1
digium asterisk 10.0.1
digium asterisk 1.8.4
digium asterisk 10.4.0
digium asterisk 1.8.8.1
digium asterisk 10.5.0
digium asterisk 1.8.0
digium asterisk 1.8.1.2
digium asterisk 10.2.0
digium asterisk 10.4.2
digium asterisk 1.8.13.0
digium asterisk 1.8.9.0
digium asterisk 1.8.3.1
digium asterisk 1.8.7.0
digium asterisk 1.8.11.1
digium asterisk 1.8.8.2
digium asterisk 1.8.6.0
digium asterisk 10.3.0
digium asterisk_business_edition c.3.1
digium asterisk 1.8.4.1
digium asterisk 1.8.2.4
digium asterisk 1.8.3
digium asterisk 1.8.3.3
digium asterisk 1.8.11.0
digium asterisk 1.8.1.1
digium asterisk 1.8.3.2
digium asterisk 1.8.5
digium asterisk 1.8.2.1
digium asteriske 1.8.9.1
digium asterisk 1.8.7.1
digium asterisk_business_edition c.3.7.4
digium asterisk 10.0.0
digium asterisk 1.8.4.2
digium asterisk 1.8.4.4
digium asterisk 1.8.8.0
digium asterisk 1.8.9.3
digium asterisk 10.3.1
digium asterisk 10.1.0
digium asterisk 1.8.2.2
digium asterisk 1.8.9.2
digium asterisk 1.8.5.0
digium asterisk 1.8.4.3
digium asteriske 1.8.8.0
digium asterisk_business_edition c.3.3
digium asterisk 10.1.2
digium asterisk 1.8.2.3
digium certified_asterisk 1.8.11
digium asterisk 1.8.1
digium asterisk 10.1.1
digium asterisk 10.1.3
digium asterisk 10.5.1
digium asterisk 1.8.2
digium asterisk 10.2.1
CVE-2012-5976 MEDIUM

Multiple stack consumption vulnerabilities in Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones allow remote attackers to cause a denial of service (daemon crash) via TCP data using the (1) SIP, (2) HTTP, or (3) XMPP protocol.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
digium asterisk 10.4.1
digium asterisk 1.8.15.1
digium asterisk 10.0.1
digium asterisk 1.8.14.0
digium asterisk 1.8.10.0
digium asterisk 1.8.4
digium asterisk 10.4.0
digium asterisk 1.8.8.1
digium asterisk 1.8.19.0
digium asterisk 10.5.0
digium asterisk 1.8.0
digium asterisk 1.8.1.2
digium asterisk 1.8.13.1
digium asterisk 10.2.0
digium asterisk 1.8.18.1
digium asterisk 10.4.2
digium asterisk 1.8.13.0
digium asterisk 1.8.14.1
digium asterisk 1.8.9.0
digium asterisk 1.8.3.1
digium asterisk 11.0.2
digium asterisk 10.6.1
digium asterisk 1.8.10.1
digium asterisk 10.7.0
digium asterisk 11.0.0
digium asterisk 10.8.0
digium asterisk 1.8.7.0
digium asterisk 1.8.11.1
digium asterisk 10.11.0
digium asterisk 1.8.8.2
digium asterisk *
digium asterisk 1.8.6.0
digium asterisk 10.3.0
digium asterisk 1.8.9.1
digium asterisk 10.5.2
digium asterisk 1.8.4.1
digium asterisk 1.8.2.4
digium asterisk 1.8.3
digium asterisk 1.8.17.0
digium asterisk 1.8.3.3
digium asterisk 1.8.11.0
digium asterisk 1.8.1.1
digium asterisk 1.8.3.2
digium asterisk 1.8.5
digium asterisk 1.8.2.1
digium asterisk 1.8.15.0
digium asterisk 1.8.7.1
digium asterisk 11.1.1
digium asterisk 1.8.12
digium asterisk 10.0.0
digium asterisk 1.8.4.2
digium asterisk 1.8.4.4
digium asterisk 1.8.8.0
digium asterisk 1.8.9.3
digium asterisk 1.8.18.0
digium asterisk 10.3.1
digium asterisk 10.9.0
digium asterisk 10.1.0
digium asterisk 10.10.0
digium asterisk 1.8.2.2
digium asterisk 1.8.9.2
digium asterisk 1.8.5.0
digium asterisk 1.8.12.0
digium asterisk 11.1.0
digium asterisk 1.8.4.3
digium asterisk 10.10.1
digium asterisk 10.1.2
digium asterisk 1.8.2.3
digium asterisk 10.6.0
digium certified_asterisk 1.8.11
digium asterisk 1.8.1
digium asterisk 1.8.16.0
digium asterisk 10.1.1
digium asterisk 10.1.3
digium asterisk 10.5.1
digium asterisk 1.8.2
digium asterisk 11.0.1
digium asterisk 10.2.1
digium asterisk 10.7.1
CVE-2012-5977 MEDIUM

Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones, when anonymous calls are enabled, allow remote attackers to cause a denial of service (resource consumption) by making anonymous calls from multiple sources and consequently adding many entries to the device state cache.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
digium asterisk 10.4.1
digium asterisk 1.8.15.1
digium asterisk 10.0.1
digium asterisk 1.8.14.0
digium asterisk 1.8.10.0
digium asterisk 1.8.4
digium asterisk 10.4.0
digium asterisk 1.8.8.1
digium asterisk 1.8.19.0
digium asterisk 10.5.0
digium asterisk 1.8.0
digium asterisk 1.8.1.2
digium asterisk 1.8.13.1
digium asterisk 10.2.0
digium asterisk 1.8.18.1
digium asterisk 10.4.2
digium asterisk 1.8.13.0
digium asterisk 1.8.14.1
digium asterisk 1.8.9.0
digium asterisk 1.8.3.1
digium asterisk 11.0.2
digium asterisk 10.6.1
digium asterisk 1.8.10.1
digium asterisk 10.7.0
digium asterisk 11.0.0
digium asterisk 10.8.0
digium asterisk 1.8.7.0
digium asterisk 1.8.11.1
digium asterisk 10.11.0
digium asterisk 1.8.8.2
digium asterisk *
digium asterisk 1.8.6.0
digium asterisk 10.3.0
digium asterisk 1.8.9.1
digium asterisk 10.5.2
digium asterisk 1.8.4.1
digium asterisk 1.8.2.4
digium asterisk 1.8.3
digium asterisk 1.8.17.0
digium asterisk 1.8.3.3
digium asterisk 1.8.11.0
digium asterisk 1.8.1.1
digium asterisk 1.8.3.2
digium asterisk 1.8.5
digium asterisk 1.8.2.1
digium asterisk 1.8.15.0
digium asterisk 1.8.7.1
digium asterisk 11.1.1
digium asterisk 1.8.12
digium asterisk 10.0.0
digium asterisk 1.8.4.2
digium asterisk 1.8.4.4
digium asterisk 1.8.8.0
digium asterisk 1.8.9.3
digium asterisk 1.8.18.0
digium asterisk 10.3.1
digium asterisk 10.9.0
digium asterisk 10.1.0
digium asterisk 10.10.0
digium asterisk 1.8.2.2
digium asterisk 1.8.9.2
digium asterisk 1.8.5.0
digium asterisk 1.8.12.0
digium asterisk 11.1.0
digium asterisk 1.8.4.3
digium asterisk 10.10.1
digium asterisk 10.1.2
digium asterisk 1.8.2.3
digium asterisk 10.6.0
digium certified_asterisk 1.8.11
digium asterisk 1.8.1
digium asterisk 1.8.16.0
digium asterisk 10.1.1
digium asterisk 10.1.3
digium asterisk 10.5.1
digium asterisk 1.8.2
digium asterisk 11.0.1
digium asterisk 10.2.1
digium asterisk 10.7.1
CVE-2013-5641 MEDIUM

The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.17.x through 1.8.22.x, 1.8.23.x before 1.8.23.1, and 11.x before 11.5.1 and Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an ACK with SDP to a previously terminated channel. NOTE: some of these details are obtained from third party information.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
digium asterisk 11.3.0
digium asterisk 11.1.2
digium certified_asterisk 1.8.15
digium asterisk 11.5.1
digium asterisk 1.8.21.0
digium certified_asterisk 11.2.0
digium asterisk 1.8.18.0
digium asterisk 1.8.22.0
digium asterisk 11.2.0
digium asterisk 1.8.17.0
digium asterisk 1.8.19.0
digium asterisk 11.4.0
digium asterisk 1.8.18.1
digium asterisk 1.8.19.1
digium asterisk 1.8.20.0
digium asterisk 11.5.0
digium asterisk 11.0.2
digium asterisk 11.0.1
digium asterisk 11.1.1
digium asterisk 1.8.23.0
digium asterisk 11.0.0
digium asterisk 11.1.0
CVE-2013-5642 MEDIUM

The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.x before 1.8.23.1, 10.x before 10.12.3, and 11.x before 11.5.1; Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.3-digiumphones allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an invalid SDP that defines a media description before the connection description in a SIP request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
digium asterisk 11.3.0
digium asterisk 10.12.1
digium asterisk_digiumphones 10.12.1
digium asterisk 11.5.1
digium asterisk 1.8.21.0
digium asterisk 1.8.18.0
digium asterisk 11.2.0
digium asterisk 1.8.19.0
digium asterisk_digiumphones 10.12.2
digium asterisk 1.8.18.1
digium asterisk 10.10.0
digium asterisk 1.8.20.0
digium asterisk 11.0.2
digium asterisk 11.0.0
digium asterisk 11.1.0
digium asterisk_digiumphones 10.11.0
digium asterisk 10.11.0
digium asterisk 11.1.2
digium certified_asterisk 1.8.15
digium certified_asterisk 11.2.0
digium asterisk 10.12.0
digium asterisk 1.8.22.0
digium asterisk 1.8.17.0
digium asterisk 10.12.2
digium asterisk 11.4.0
digium asterisk_digiumphones 10.12.0
digium asterisk 1.8.19.1
digium asterisk_digiumphones 10.0.0
digium asterisk 11.5.0
digium asterisk 11.0.1
digium asterisk 11.1.1
digium asterisk 1.8.23.0
CVE-2013-7100 MEDIUM

Buffer overflow in the unpacksms16 function in apps/app_sms.c in Asterisk Open Source 1.8.x before 1.8.24.1, 10.x before 10.12.4, and 11.x before 11.6.1; Asterisk with Digiumphones 10.x-digiumphones before 10.12.4-digiumphones; and Certified Asterisk 1.8.x before 1.8.15-cert4 and 11.x before 11.2-cert3 allows remote attackers to cause a denial of service (daemon crash) via a 16-bit SMS message with an odd number of bytes, which triggers an infinite loop.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
digium asterisk 11.3.0
digium asterisk 10.12.1
digium asterisk_digiumphones 10.12.1
digium asterisk 11.5.1
digium asterisk 1.8.21.0
digium asterisk 1.8.18.0
digium asterisk 11.2.0
digium asterisk 1.8.19.0
digium asterisk_digiumphones 10.12.2
digium asterisk 1.8.18.1
digium asterisk 10.10.0
digium asterisk 1.8.20.0
digium asterisk 11.0.2
digium asterisk 11.0.0
digium asterisk 11.1.0
digium asterisk_digiumphones 10.11.0
digium asterisk 10.11.0
digium asterisk 11.1.2
digium certified_asterisk 1.8.15
digium certified_asterisk 11.2.0
digium asterisk 10.12.0
digium asterisk 1.8.22.0
digium asterisk 1.8.17.0
digium asterisk 10.12.2
digium asterisk 11.4.0
digium asterisk_digiumphones 10.12.0
digium asterisk 1.8.19.1
digium asterisk_digiumphones 10.0.0
digium asterisk 11.5.0
digium asterisk 11.0.1
digium asterisk 11.1.1
digium asterisk 1.8.23.0
CVE-2014-2286 HIGH

main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.x before 1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote attackers to cause a denial of service (stack consumption) and possibly execute arbitrary code via an HTTP request with a large number of Cookie headers.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
digium asterisk 1.8.15.1
digium asterisk 1.8.14.0
digium asterisk 11.8.0
digium asterisk 1.8.10.0
digium asterisk 1.8.4
digium asterisk 1.8.8.1
digium asterisk 1.8.19.0
digium asterisk 1.8.0
digium asterisk 1.8.1.2
digium asterisk 1.8.13.1
digium asterisk 1.8.18.1
digium asterisk 1.8.13.0
digium asterisk 1.8.14.1
digium certified_asterisk 1.8.14.0
digium asterisk 1.8.9.0
digium asterisk 1.8.3.1
digium asterisk 1.8.10.1
digium certified_asterisk 1.8.5.0
fedoraproject fedora 20
digium asterisk 1.8.7.0
digium asterisk 1.8.11.1
digium asterisk 1.8.8.2
digium asterisk 1.8.6.0
digium certified_asterisk 1.8.13.0
digium asterisk 1.8.9.1
digium certified_asterisk 1.8.2.0
digium asterisk 1.8.4.1
digium asterisk 1.8.22.0
digium asterisk 1.8.2.4
digium asterisk 1.8.3
digium asterisk 1.8.17.0
digium asterisk 1.8.24.0
digium asterisk 1.8.3.3
digium certified_asterisk 1.8.9.0
digium asterisk 1.8.11.0
digium certified_asterisk 1.8.12.0
digium asterisk 1.8.1.1
digium asterisk 1.8.3.2
digium asterisk 1.8.19.1
digium asterisk 1.8.5
digium asterisk 1.8.2.1
digium asterisk 1.8.15.0
digium asterisk 1.8.7.1
digium asterisk 1.8.20.1
digium asterisk 1.8.23.1
digium certified_asterisk 1.8.3.0
digium asterisk 1.8.12
digium asterisk 1.8.26.0
digium asterisk 1.8.4.2
digium asterisk 1.8.4.4
digium asterisk 1.8.8.0
digium certified_asterisk 1.8.1.0
digium asterisk 1.8.21.0
digium asterisk 1.8.9.3
digium certified_asterisk 1.8.4.0
digium asterisk 1.8.18.0
digium certified_asterisk 11.6.0
digium asterisk 1.8.20.0
digium certified_asterisk 1.8.10.0
digium asterisk 1.8.2.2
digium asterisk 1.8.20.2
digium asterisk 1.8.9.2
digium certified_asterisk 1.8.0.0
digium asterisk 1.8.5.0
digium asterisk 1.8.24.1
fedoraproject fedora 19
digium asterisk 1.8.12.0
digium asterisk 1.8.12.1
digium asterisk 1.8.4.3
digium certified_asterisk 1.8.15
digium asterisk 1.8.25.0
digium certified_asterisk 1.8.6.0
digium asterisk 1.8.2.3
digium certified_asterisk 1.8.7.0
digium certified_asterisk 1.8.8.0
digium asterisk 1.8.1
digium asterisk 1.8.16.0
digium asterisk 12.1.0
digium asterisk 1.8.2
digium certified_asterisk 1.8.11.0
digium certified_asterisk 11.6
digium asterisk 1.8.23.0
digium asterisk 1.8.12.2
CVE-2014-2287 LOW

channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.15 before 1.8.15-cert5 and 11.6 before 11.6-cert2, when chan_sip has a certain configuration, allows remote authenticated users to cause a denial of service (channel and file descriptor consumption) via an INVITE request with a (1) Session-Expires or (2) Min-SE header with a malformed or invalid value.

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
digium asterisk 1.8.15.1
digium asterisk 1.8.14.0
digium asterisk 11.8.0
digium asterisk 1.8.10.0
digium asterisk 1.8.4
digium asterisk 1.8.8.1
digium asterisk 1.8.19.0
digium asterisk 1.8.0
digium asterisk 1.8.1.2
digium asterisk 1.8.13.1
digium asterisk 1.8.18.1
digium asterisk 1.8.13.0
digium asterisk 1.8.14.1
digium certified_asterisk 1.8.14.0
digium asterisk 1.8.9.0
digium asterisk 1.8.3.1
digium asterisk 1.8.10.1
digium certified_asterisk 1.8.5.0
fedoraproject fedora 20
digium asterisk 1.8.7.0
digium asterisk 1.8.11.1
digium asterisk 1.8.8.2
digium asterisk 1.8.6.0
digium certified_asterisk 1.8.13.0
digium asterisk 1.8.9.1
digium certified_asterisk 1.8.2.0
digium asterisk 1.8.4.1
digium asterisk 1.8.22.0
digium asterisk 1.8.2.4
digium asterisk 1.8.3
digium asterisk 1.8.17.0
digium asterisk 1.8.24.0
digium asterisk 1.8.3.3
digium certified_asterisk 1.8.9.0
digium asterisk 1.8.11.0
digium certified_asterisk 1.8.12.0
digium asterisk 1.8.1.1
digium asterisk 1.8.3.2
digium asterisk 1.8.19.1
digium asterisk 1.8.5
digium asterisk 1.8.2.1
digium asterisk 1.8.15.0
digium asterisk 1.8.7.1
digium asterisk 1.8.20.1
digium asterisk 1.8.23.1
digium certified_asterisk 1.8.3.0
digium asterisk 1.8.12
digium asterisk 1.8.26.0
digium asterisk 1.8.4.2
digium asterisk 1.8.4.4
digium asterisk 1.8.8.0
digium certified_asterisk 1.8.1.0
digium asterisk 1.8.21.0
digium asterisk 1.8.9.3
digium certified_asterisk 1.8.4.0
digium asterisk 1.8.18.0
digium certified_asterisk 11.6.0
digium asterisk 1.8.20.0
digium certified_asterisk 1.8.10.0
digium asterisk 1.8.2.2
digium asterisk 1.8.20.2
digium asterisk 1.8.9.2
digium certified_asterisk 1.8.0.0
digium asterisk 1.8.5.0
digium asterisk 1.8.24.1
fedoraproject fedora 19
digium asterisk 1.8.12.0
digium asterisk 1.8.12.1
digium asterisk 1.8.4.3
digium certified_asterisk 1.8.15
digium asterisk 1.8.25.0
digium certified_asterisk 1.8.6.0
digium asterisk 1.8.2.3
digium certified_asterisk 1.8.7.0
digium certified_asterisk 1.8.8.0
digium asterisk 1.8.1
digium asterisk 1.8.16.0
digium asterisk 12.1.0
digium asterisk 1.8.2
digium certified_asterisk 1.8.11.0
digium certified_asterisk 11.6
digium asterisk 1.8.23.0
digium asterisk 1.8.12.2
CVE-2014-2288 MEDIUM

The PJSIP channel driver in Asterisk Open Source 12.x before 12.1.1, when qualify_frequency "is enabled on an AOR and the remote SIP server challenges for authentication of the resulting OPTIONS request," allows remote attackers to cause a denial of service (crash) via a PJSIP endpoint that does not have an associated outgoing request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
digium asterisk 12.1.0
digium asterisk 12.0.0
CVE-2014-2289 LOW

res/res_pjsip_exten_state.c in the PJSIP channel driver in Asterisk Open Source 12.x before 12.1.0 allows remote authenticated users to cause a denial of service (crash) via a SUBSCRIBE request without any Accept headers, which triggers an invalid pointer dereference.

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
digium asterisk 12.1.0
digium asterisk 12.0.0
CVE-2014-4045 MEDIUM

The Publish/Subscribe Framework in the PJSIP channel driver in Asterisk Open Source 12.x before 12.3.1, when sub_min_expiry is set to zero, allows remote attackers to cause a denial of service (assertion failure and crash) via an unsubscribe request when not subscribed to the device.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
digium asterisk 12.3.0
digium asterisk 12.1.0
digium asterisk 12.0.0
digium asterisk 12.2.0
digium asterisk 12.1.1
CVE-2014-4046 MEDIUM

Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated Manager users to execute arbitrary shell commands via a MixMonitor action.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
digium asterisk 11.3.0
digium asterisk 12.3.0
digium asterisk 11.9.0
digium asterisk 11.1.2
digium asterisk 11.5.1
digium asterisk 11.8.0
digium asterisk 12.0.0
digium asterisk 12.2.0
digium asterisk 11.2.0
digium certified_asterisk 11.6.0
digium asterisk 11.4.0
digium asterisk 12.1.0
digium asterisk 11.5.0
digium asterisk 11.8.1
digium asterisk 11.0.2
digium certified_asterisk 11.6
digium asterisk 11.0.1
digium asterisk 11.1.1
digium asterisk 12.1.1
digium asterisk 11.10.0
digium asterisk 11.0.0
digium asterisk 11.1.0
CVE-2014-4047 MEDIUM

Asterisk Open Source 1.8.x before 1.8.28.1, 11.x before 11.10.1, and 12.x before 12.3.1 and Certified Asterisk 1.8.15 before 1.8.15-cert6 and 11.6 before 11.6-cert3 allows remote attackers to cause a denial of service (connection consumption) via a large number of (1) inactive or (2) incomplete HTTP connections.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
digium asterisk 1.8.15.1
digium asterisk 12.3.0
digium asterisk 1.8.14.0
digium asterisk 11.8.0
digium asterisk 1.8.10.0
digium asterisk 1.8.4
digium asterisk 1.8.8.1
digium asterisk 11.2.0
digium asterisk 1.8.19.0
digium asterisk 1.8.0
digium asterisk 1.8.1.2
digium asterisk 1.8.13.1
digium asterisk 1.8.18.1
digium asterisk 1.8.13.0
digium asterisk 1.8.14.1
digium asterisk 1.8.9.0
digium asterisk 1.8.26.1
digium asterisk 1.8.3.1
digium asterisk 11.0.2
digium asterisk 12.1.1
digium asterisk 1.8.10.1
digium asterisk 11.0.0
digium asterisk 1.8.7.0
digium asterisk 1.8.27.0
digium asterisk 1.8.11.1
digium asterisk 1.8.8.2
digium asterisk 11.1.2
digium asterisk 1.8.6.0
digium asterisk 1.8.9.1
digium asterisk 1.8.4.1
digium asterisk 1.8.22.0
digium asterisk 1.8.2.4
digium asterisk 1.8.3
digium asterisk 1.8.17.0
digium asterisk 1.8.24.0
digium asterisk 1.8.3.3
digium asterisk 11.4.0
digium asterisk 1.8.11.0
digium asterisk 1.8.1.1
digium asterisk 1.8.3.2
digium asterisk 1.8.19.1
digium asterisk 1.8.5
digium asterisk 11.5.0
digium asterisk 1.8.2.1
digium asterisk 1.8.15.0
digium asterisk 1.8.7.1
digium asterisk 11.1.1
digium asterisk 1.8.20.1
digium asterisk 1.8.23.1
digium asterisk 1.8.12
digium asterisk 11.3.0
digium asterisk 1.8.26.0
digium asterisk 1.8.4.2
digium asterisk 1.8.4.4
digium asterisk 1.8.8.0
digium asterisk 11.5.1
digium asterisk 1.8.21.0
digium asterisk 1.8.9.3
digium asterisk 1.8.18.0
digium certified_asterisk 11.6.0
digium asterisk 1.8.20.0
digium asterisk 1.8.2.2
digium asterisk 1.8.20.2
digium asterisk 11.8.1
digium asterisk 1.8.9.2
digium asterisk 11.10.0
digium asterisk 1.8.5.0
digium asterisk 1.8.24.1
digium asterisk 1.8.12.0
digium asterisk 11.1.0
digium asterisk 1.8.12.1
digium asterisk 1.8.4.3
digium asterisk 11.9.0
digium certified_asterisk 1.8.15
digium asterisk 1.8.28.0
digium asterisk 12.0.0
digium asterisk 1.8.25.0
digium asterisk 12.2.0
digium asterisk 1.8.2.3
digium asterisk 1.8.1
digium asterisk 1.8.16.0
digium asterisk 12.1.0
digium asterisk 1.8.2
digium certified_asterisk 11.6
digium asterisk 11.0.1
digium asterisk 1.8.23.0
digium asterisk 1.8.12.2
CVE-2014-4048 MEDIUM

The PJSIP Channel Driver in Asterisk Open Source before 12.3.1 allows remote attackers to cause a denial of service (deadlock) by terminating a subscription request before it is complete, which triggers a SIP transaction timeout.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
digium asterisk 12.3.0
digium asterisk 12.1.0
digium asterisk *
digium asterisk 12.0.0
digium asterisk 12.2.0
digium asterisk 12.1.1
CVE-2014-6609 MEDIUM

The res_pjsip_pubsub module in Asterisk Open Source 12.x before 12.5.1 allows remote authenticated users to cause a denial of service (crash) via crafted headers in a SIP SUBSCRIBE request for an event package.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
digium asterisk 12.4.0
digium asterisk 12.3.0
digium asterisk 12.1.0
digium asterisk 12.0.0
digium asterisk 12.2.0
digium asterisk 12.5.0
CVE-2014-6610 MEDIUM

Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and Certified Asterisk 11.6 before 11.6-cert6, when using the res_fax_spandsp module, allows remote authenticated users to cause a denial of service (crash) via an out of call message, which is not properly handled in the ReceiveFax dialplan application.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-19,

Products Affected

Vendor Product Version
digium asterisk 11.3.0
digium asterisk 12.4.0
digium asterisk 12.3.0
digium asterisk 11.9.0
digium asterisk 11.7.0
digium asterisk 11.8.0
digium asterisk 12.0.0
digium asterisk 12.2.0
digium asterisk 11.11.0
digium asterisk 11.2.0
digium asterisk 11.6.0
digium certified_asterisk 11.6.0
digium asterisk 11.4.0
digium asterisk 12.1.0
digium asterisk 11.5.0
digium certified_asterisk 11.6
digium asterisk 11.10.0
digium asterisk 12.5.0
digium asterisk 11.0.0
digium asterisk 11.1.0
digium asterisk 11.12.0
CVE-2014-8412 MEDIUM

The (1) VoIP channel drivers, (2) DUNDi, and (3) Asterisk Manager Interface (AMI) in Asterisk Open Source 1.8.x before 1.8.32.1, 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8.28 before 1.8.28-cert3 and 11.6 before 11.6-cert8 allows remote attackers to bypass the ACL restrictions via a packet with a source IP that does not share the address family as the first ACL entry.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
digium certified_asterisk 11.6.0
digium certified_asterisk 1.8.28
digium asterisk *
digium certified_asterisk 11.6
digium certified_asterisk 1.8.28.0
CVE-2014-8413 HIGH

The res_pjsip_acl module in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 does not properly create and load ACLs defined in pjsip.conf at startup, which allows remote attackers to bypass intended PJSIP ACL rules.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
digium asterisk *
CVE-2014-8414 MEDIUM

ConfBridge in Asterisk 11.x before 11.14.1 and Certified Asterisk 11.6 before 11.6-cert8 does not properly handle state changes, which allows remote attackers to cause a denial of service (channel hang and memory consumption) by causing transitions to be delayed, which triggers a state change from hung up to waiting for media.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
digium certified_asterisk 11.6.0
digium asterisk *
digium certified_asterisk 11.6
CVE-2014-8415 MEDIUM

Race condition in the chan_pjsip channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 allows remote attackers to cause a denial of service (assertion failure and crash) via a cancel request for a SIP session with a queued action to (1) answer a session or (2) send ringing.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
digium asterisk *
CVE-2014-8416 MEDIUM

Use-after-free vulnerability in the PJSIP channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1, when using the res_pjsip_refer module, allows remote attackers to cause a denial of service (crash) via an in-dialog INVITE with Replaces message, which triggers the channel to be hung up.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
digium asterisk *
CVE-2014-8417 MEDIUM

ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 11.6 before 11.6-cert8 allows remote authenticated users to (1) gain privileges via vectors related to an external protocol to the CONFBRIDGE dialplan function or (2) execute arbitrary system commands via a crafted ConfbridgeStartRecord AMI action.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
digium certified_asterisk 11.6.0
digium asterisk *
digium certified_asterisk 11.6
CVE-2014-8418 HIGH

The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, 11.x before 11.1.4.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8 before 1.8.28-cert8 and 11.6 before 11.6-cert8 allows remote authenticated users to gain privileges via a call from an external protocol, as demonstrated by the AMI protocol.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
digium certified_asterisk 11.6.0
digium certified_asterisk 1.8.28
digium asterisk *
digium certified_asterisk 11.6
CVE-2014-9374 MEDIUM

Double free vulnerability in the WebSocket Server (res_http_websocket module) in Asterisk Open Source 11.x before 11.14.2, 12.x before 12.7.2, and 13.x before 13.0.2 and Certified Asterisk 11.6 before 11.6-cert9 allows remote attackers to cause a denial of service (crash) by sending a zero length frame after a non-zero length frame.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
digium asterisk 11.3.0
digium asterisk 12.4.0
digium asterisk 12.3.0
digium asterisk 11.8.0
digium asterisk 11.14.0
digium asterisk 11.2.0
digium asterisk 13.0.1
digium certified_asterisk 11.6.0
digium asterisk 13.0.0
digium asterisk 12.7.1
digium asterisk 11.10.0
digium asterisk 12.5.0
digium asterisk 12.6.0
digium asterisk 11.0.0
digium asterisk 11.1.0
digium asterisk 11.12.0
digium asterisk 11.9.0
digium asterisk 11.7.0
digium asterisk 11.13.0
digium asterisk 12.0.0
digium asterisk 12.2.0
digium asterisk 11.11.0
digium asterisk 11.6.0
digium asterisk 12.7.0
digium asterisk 11.4.0
digium asterisk 12.1.0
digium asterisk 11.5.0
digium certified_asterisk 11.6
CVE-2015-1558 LOW

Asterisk Open Source 12.x before 12.8.1 and 13.x before 13.1.1, when using the PJSIP channel driver, does not properly reclaim RTP ports, which allows remote authenticated users to cause a denial of service (file descriptor consumption) via an SDP offer containing only incompatible codecs.

CVSS 2.0

Severity: LOW

Problem Type: CWE-399,

Products Affected

Vendor Product Version
digium asterisk 12.4.0
digium asterisk 12.3.1
digium asterisk 12.8.0
digium asterisk 12.3.0
digium asterisk 12.0.0
digium asterisk 12.2.0
digium asterisk 13.1.0
digium asterisk 12.7.0
digium asterisk 12.1.0
digium asterisk 13.0.0
digium asterisk 12.1.1
digium asterisk 12.5.0
digium asterisk 12.6.0
digium asterisk 12.3.2
digium asterisk 12.8.1
digium asterisk 13.2.0
CVE-2015-2690 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in views/add-license-form.php in the Digium Addons module (digiumaddoninstaller) before 2.11.0.7 for FreePBX allow remote attackers to inject arbitrary web script or HTML via the (1) add_license_key, (2) add_license_first_name, (3) add_license_last_name, (4) add_license_company, (5) add_license_address1, (6) add_license_address2, (7) add_license_city, (8) add_license_state, (9) add_license_post_code, (10) add_license_country, (11) add_license_phone, or (12) add_license_email parameter in an add-license-form page to admin/config.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
digium addons_module 2.11.0.6
CVE-2015-3008 MEDIUM

Asterisk Open Source 1.8 before 1.8.32.3, 11.x before 11.17.1, 12.x before 12.8.2, and 13.x before 13.3.2 and Certified Asterisk 1.8.28 before 1.8.28-cert5, 11.6 before 11.6-cert11, and 13.1 before 13.1-cert2, when registering a SIP TLS device, does not properly handle a null byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
digium asterisk 12.4.0
digium certified_asterisk 1.8.28
digium asterisk 1.8.14.0
digium asterisk 11.8.0
digium asterisk 13.0.1
digium asterisk 1.8.0
digium asterisk 1.8.13.0
digium asterisk 1.8.14.1
digium certified_asterisk 1.8.14.0
digium asterisk 13.0.0
digium asterisk 1.8.26.1
digium asterisk 11.0.2
digium asterisk 12.7.1
digium asterisk 1.8.10.1
digium asterisk 11.0.0
digium asterisk 11.12.0
digium asterisk 1.8.11.1
digium asterisk 11.1.2
digium asterisk 1.8.3
digium asterisk 1.8.24.0
digium certified_asterisk 1.8.28.0
digium asterisk 1.8.11.0
digium certified_asterisk 1.8.12.0
digium asterisk 1.8.1.1
digium asterisk 1.8.3.2
digium asterisk 11.5.0
digium asterisk 1.8.15.0
digium asterisk 11.1.1
digium asterisk 11.3.0
digium asterisk 1.8.26.0
digium asterisk 12.8.0
digium certified_asterisk 1.8.1.0
digium certified_asterisk 1.8.4.0
digium certified_asterisk 11.6.0
digium asterisk 1.8.20.0
digium asterisk 1.8.2.2
digium asterisk 1.8.20.2
digium asterisk 11.8.1
digium certified_asterisk 1.8.0.0
digium asterisk 1.8.24.1
digium asterisk 11.1.0
digium asterisk 11.13.0
digium asterisk 1.8.32.0
digium asterisk 1.8.28.0
digium asterisk 1.8.25.0
digium asterisk 12.2.0
digium certified_asterisk 1.8.6.0
digium asterisk 11.11.0
digium asterisk 13.3.0
digium certified_asterisk 1.8.11
digium certified_asterisk 1.8.7.0
digium asterisk 1.8.1
digium asterisk 1.8.16.0
digium asterisk 12.1.0
digium certified_asterisk 1.8.11.0
digium asterisk 1.8.12.2
digium certified_asterisk 13.1
digium asterisk 1.8.28.1
digium asterisk 1.8.15.1
digium asterisk 12.3.0
digium asterisk 11.14.0
digium asterisk 1.8.10.0
digium asterisk 11.15.0
digium asterisk 11.2.0
digium asterisk 1.8.19.0
digium asterisk 1.8.1.2
digium asterisk 1.8.13.1
digium asterisk 1.8.18.1
digium asterisk 1.8.3.1
digium asterisk 12.1.1
digium certified_asterisk 1.8.5.0
digium asterisk 1.8.27.0
digium asterisk 11.7.0
digium certified_asterisk 1.8.13.0
digium certified_asterisk 1.8.2.0
digium asterisk 1.8.22.0
digium asterisk 1.8.2.4
digium asterisk 1.8.17.0
digium asterisk 12.7.0
digium asterisk 1.8.3.3
digium certified_asterisk 1.8.9.0
digium asterisk 11.4.0
digium asterisk 1.8.19.1
digium asterisk 1.8.2.1
digium asterisk 1.8.20.1
digium asterisk 1.8.23.1
digium certified_asterisk 1.8.3.0
digium asterisk 12.3.2
digium asterisk 12.8.1
digium asterisk 1.8.12
digium asterisk 12.3.1
digium asterisk 11.5.1
digium asterisk 11.10.1
digium asterisk 1.8.21.0
digium asterisk 13.1.0
digium asterisk 1.8.18.0
digium certified_asterisk 1.8.10.0
digium asterisk 11.10.0
digium asterisk 12.5.0
digium asterisk 12.6.0
digium asterisk 1.8.12.0
digium asterisk 1.8.12.1
digium asterisk 11.9.0
digium certified_asterisk 1.8.15
digium asterisk 12.0.0
digium asterisk 11.17.0
digium asterisk 1.8.2.3
digium asterisk 11.6.0
digium asterisk 13.3.1
digium asterisk 1.8.28.2
digium certified_asterisk 1.8.8.0
digium asterisk 1.8.2
digium certified_asterisk 11.6
digium asterisk 11.0.1
digium asterisk 1.8.23.0
digium asterisk 11.16.0
digium asterisk 13.2.0
CVE-2016-2232 MEDIUM

Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3 allow remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a zero length error correcting redundancy packet for a UDPTL FAX packet that is lost.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
digium asterisk 12.8.2
digium asterisk 12.4.0
digium certified_asterisk 1.8.28
digium asterisk 1.8.14.0
digium asterisk 11.8.0
digium asterisk 13.0.1
digium asterisk 1.8.0
digium asterisk 1.8.13.0
digium asterisk 1.8.14.1
digium asterisk 13.0.0
digium asterisk 1.8.9.0
digium asterisk 1.8.26.1
digium asterisk 11.0.2
digium asterisk 12.7.1
digium asterisk 13.5.0
digium asterisk 1.8.10.1
digium asterisk 11.0.0
digium asterisk 11.12.0
digium asterisk 11.21.0
digium asterisk 1.8.11.1
digium asterisk 11.1.2
digium asterisk 1.8.6.0
digium asterisk 13.4.0
digium asterisk 1.8.3
digium asterisk 1.8.24.0
digium certified_asterisk 13.1.0
digium asterisk 1.8.11.0
digium asterisk 1.8.1.1
digium asterisk 1.8.3.2
digium asterisk 1.8.15.0
digium asterisk 11.1.1
digium asterisk 1.8.26.0
digium asterisk 12.8.0
digium asterisk 1.8.4.4
digium asterisk 1.8.8.0
digium asterisk 1.8.9.3
digium certified_asterisk 11.6.0
digium asterisk 1.8.20.0
digium asterisk 1.8.2.2
digium asterisk 1.8.20.2
digium asterisk 11.8.1
digium asterisk 1.8.5.0
digium asterisk 1.8.24.1
digium asterisk 11.1.0
digium asterisk 13.7.0
digium asterisk 11.13.0
digium asterisk 1.8.32.0
digium asterisk 1.8.28.0
digium asterisk 1.8.25.0
digium asterisk 12.2.0
digium asterisk 11.11.0
digium asterisk 13.3.0
digium asterisk 1.8.1
digium asterisk 1.8.16.0
digium asterisk 12.1.0
digium asterisk 1.8.12.2
digium certified_asterisk 13.1
digium asterisk 1.8.28.1
digium asterisk 1.8.15.1
digium asterisk 12.3.0
digium asterisk 11.14.0
digium asterisk 1.8.10.0
digium asterisk 1.8.4
digium asterisk 11.15.0
digium asterisk 1.8.8.1
digium asterisk 11.2.0
digium asterisk 1.8.19.0
digium asterisk 1.8.1.2
digium asterisk 1.8.13.1
digium asterisk 1.8.18.1
digium asterisk 1.8.3.1
digium asterisk 12.1.1
digium asterisk 1.8.7.0
digium asterisk 1.8.27.0
digium asterisk 11.7.0
digium asterisk 1.8.8.2
digium asterisk 1.8.9.1
digium asterisk 1.8.4.1
digium asterisk 1.8.22.0
digium asterisk 1.8.2.4
digium asterisk 1.8.17.0
digium asterisk 12.7.0
digium asterisk 1.8.3.3
digium asterisk 13.6.0
digium asterisk 11.4.0
digium asterisk 1.8.19.1
digium asterisk 11.20.0
digium asterisk 1.8.5
digium asterisk 1.8.2.1
digium asterisk 1.8.7.1
digium asterisk 1.8.20.1
digium asterisk 1.8.23.1
digium asterisk 12.3.2
digium asterisk 12.8.1
digium asterisk 1.8.12
digium asterisk 12.3.1
digium asterisk 1.8.4.2
digium asterisk 11.10.1
digium asterisk 1.8.21.0
digium asterisk 13.1.0
digium asterisk 1.8.18.0
digium asterisk 11.18.0
digium asterisk 1.8.9.2
digium asterisk 11.10.0
digium asterisk 12.5.0
digium asterisk 12.6.0
digium asterisk 1.8.12.0
digium asterisk 1.8.12.1
digium asterisk 1.8.4.3
digium asterisk 11.9.0
digium asterisk 12.0.0
digium asterisk 11.17.0
digium asterisk 1.8.2.3
digium asterisk 11.6.0
digium asterisk 1.8.28.2
digium asterisk 11.19.0
digium asterisk 1.8.2
digium certified_asterisk 11.6
digium asterisk 11.0.1
digium asterisk 1.8.23.0
digium asterisk 11.16.0
digium asterisk 13.2.0
CVE-2016-2316 HIGH

chan_sip in Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3, when the timert1 sip.conf configuration is set to a value greater than 1245, allows remote attackers to cause a denial of service (file descriptor consumption) via vectors related to large retransmit timeout values.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-191,

Products Affected

Vendor Product Version
fedoraproject fedora 22
digium asterisk 12.8.2
digium asterisk 12.4.0
digium certified_asterisk 1.8.28
digium asterisk 1.8.14.0
digium asterisk 11.8.0
digium asterisk 13.0.1
digium asterisk 1.8.0
digium asterisk 1.8.13.0
digium asterisk 1.8.14.1
digium asterisk 13.0.0
digium asterisk 1.8.9.0
digium asterisk 1.8.26.1
digium asterisk 11.0.2
digium asterisk 12.7.1
digium asterisk 13.5.0
digium asterisk 1.8.10.1
digium asterisk 11.0.0
digium asterisk 11.12.0
digium asterisk 11.21.0
digium asterisk 1.8.11.1
digium asterisk 11.1.2
digium asterisk 1.8.6.0
digium asterisk 13.4.0
digium asterisk 1.8.3
digium asterisk 1.8.24.0
digium certified_asterisk 13.1.0
digium asterisk 1.8.11.0
digium asterisk 1.8.1.1
digium asterisk 1.8.3.2
digium asterisk 1.8.15.0
digium asterisk 11.1.1
digium asterisk 1.8.26.0
digium asterisk 12.8.0
digium asterisk 1.8.4.4
digium asterisk 1.8.8.0
digium asterisk 1.8.9.3
digium certified_asterisk 11.6.0
digium asterisk 1.8.20.0
digium asterisk 1.8.2.2
digium asterisk 1.8.20.2
digium asterisk 11.8.1
digium asterisk 1.8.5.0
digium asterisk 1.8.24.1
digium asterisk 11.1.0
digium asterisk 13.7.0
digium asterisk 11.13.0
digium asterisk 1.8.32.0
digium asterisk 1.8.28.0
digium asterisk 1.8.25.0
digium asterisk 12.2.0
digium asterisk 11.11.0
digium asterisk 13.3.0
digium asterisk 1.8.1
digium asterisk 1.8.16.0
digium asterisk 12.1.0
digium asterisk 1.8.12.2
digium certified_asterisk 13.1
digium asterisk 1.8.28.1
digium asterisk 1.8.15.1
digium asterisk 12.3.0
digium asterisk 11.14.0
digium asterisk 1.8.10.0
digium asterisk 1.8.4
digium asterisk 11.15.0
digium asterisk 1.8.8.1
digium asterisk 11.2.0
digium asterisk 1.8.19.0
digium asterisk 1.8.1.2
digium asterisk 1.8.13.1
digium asterisk 1.8.18.1
digium asterisk 1.8.3.1
digium asterisk 12.1.1
digium asterisk 1.8.7.0
digium asterisk 1.8.27.0
digium asterisk 11.7.0
digium asterisk 1.8.8.2
digium asterisk 1.8.9.1
digium asterisk 1.8.4.1
digium asterisk 1.8.22.0
digium asterisk 1.8.2.4
digium asterisk 1.8.17.0
digium asterisk 12.7.0
digium asterisk 1.8.3.3
digium asterisk 13.6.0
digium asterisk 11.4.0
digium asterisk 1.8.19.1
digium asterisk 11.20.0
digium asterisk 1.8.5
digium asterisk 1.8.2.1
digium asterisk 1.8.7.1
digium asterisk 1.8.20.1
digium asterisk 1.8.23.1
digium asterisk 12.3.2
digium asterisk 12.8.1
digium asterisk 1.8.12
digium asterisk 12.3.1
digium asterisk 1.8.4.2
digium asterisk 11.10.1
digium asterisk 1.8.21.0
digium asterisk 13.1.0
fedoraproject fedora 23
digium asterisk 1.8.18.0
digium asterisk 11.18.0
digium asterisk 1.8.9.2
digium asterisk 11.10.0
digium asterisk 12.5.0
digium asterisk 12.6.0
digium asterisk 1.8.12.0
digium asterisk 1.8.12.1
digium asterisk 1.8.4.3
digium asterisk 11.9.0
digium asterisk 12.0.0
digium asterisk 11.17.0
digium asterisk 1.8.2.3
digium asterisk 11.6.0
digium asterisk 1.8.28.2
digium asterisk 11.19.0
digium asterisk 1.8.2
digium certified_asterisk 11.6
digium asterisk 11.0.1
digium asterisk 1.8.23.0
digium asterisk 11.16.0
digium asterisk 13.2.0
CVE-2016-7550 MEDIUM

asterisk 13.10.0 is affected by: denial of service issues in asterisk. The impact is: cause a denial of service (remote).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
digium asterisk 13.10.0
CVE-2016-7551 MEDIUM

chain_sip in Asterisk Open Source 11.x before 11.23.1 and 13.x 13.11.1 and Certified Asterisk 11.6 before 11.6-cert15 and 13.8 before 13.8-cert3 allows remote attackers to cause a denial of service (port exhaustion).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
digium asterisk 11.6.1
digium asterisk 13.8.1
digium asterisk 11.8.0
digium asterisk 11.14.0
digium asterisk 11.10.2
digium asterisk 11.17.1
digium asterisk 13.1.1
digium asterisk 11.15.0
digium asterisk 11.2.0
digium asterisk 11.21.2
digium asterisk 13.0.1
digium asterisk 13.10.0
digium asterisk 13.0.0
digium asterisk 11.0.2
digium asterisk 13.5.0
digium asterisk 11.0.0
digium asterisk 11.12.0
digium asterisk 11.21.0
digium asterisk 11.7.0
digium asterisk 13.9.1
digium asterisk 11.1.2
digium asterisk 13.4.0
digium asterisk 11.2.2
digium asterisk 11.15.1
digium asterisk 13.6.0
digium asterisk 11.4.0
digium asterisk 11.20.0
digium asterisk 11.5.0
digium asterisk 13.0.2
digium asterisk 11.21.1
digium asterisk 11.1.1
digium asterisk 11.3.0
digium asterisk 11.14.1
digium asterisk 11.22.0
digium asterisk 11.12.1
digium asterisk 11.14.2
digium asterisk 11.5.1
digium asterisk 11.10.1
digium asterisk 13.11.0
digium asterisk 13.1.0
digium asterisk 13.8.0
debian debian_linux 8.0
digium certified_asterisk 13.8
digium asterisk 13.7.1
digium certified_asterisk 11.6.0
digium asterisk 11.18.0
digium asterisk 11.2.1
digium asterisk 13.2.1
digium certified_asterisk 13.8.0
digium asterisk 11.8.1
digium asterisk 11.10.0
digium asterisk 13.9.0
digium asterisk 11.1.0
digium asterisk 13.7.0
digium asterisk 13.8.2
digium asterisk 11.9.0
digium asterisk 11.13.0
digium asterisk 11.17.0
digium asterisk 13.3.2
digium asterisk 11.11.0
digium asterisk 11.13.1
digium asterisk 11.6.0
digium asterisk 13.3.0
digium asterisk 13.3.1
digium asterisk 13.7.2
digium asterisk 11.19.0
digium asterisk 11.23.0
digium certified_asterisk 11.6
digium asterisk 11.0.1
digium asterisk 11.16.0
digium asterisk 13.2.0
CVE-2016-9937 MEDIUM

An issue was discovered in Asterisk Open Source 13.12.x and 13.13.x before 13.13.1 and 14.x before 14.2.1. If an SDP offer or answer is received with the Opus codec and with the format parameters separated using a space the code responsible for parsing will recursively call itself until it crashes. This occurs as the code does not properly handle spaces separating the parameters. This does NOT require the endpoint to have Opus configured in Asterisk. This also does not require the endpoint to be authenticated. If guest is enabled for chan_sip or anonymous in chan_pjsip an SDP offer or answer is still processed and the crash occurs.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
digium asterisk 13.12
digium asterisk 14.1
digium asterisk 14.01
digium asterisk 14.2
digium asterisk 13.13
digium asterisk 14.0
digium asterisk 14.1.2
digium asterisk 14.02
digium asterisk 14.1.1
CVE-2016-9938 MEDIUM

An issue was discovered in Asterisk Open Source 11.x before 11.25.1, 13.x before 13.13.1, and 14.x before 14.2.1 and Certified Asterisk 11.x before 11.6-cert16 and 13.x before 13.8-cert4. The chan_sip channel driver has a liberal definition for whitespace when attempting to strip the content between a SIP header name and a colon character. Rather than following RFC 3261 and stripping only spaces and horizontal tabs, Asterisk treats any non-printable ASCII character as if it were whitespace. This means that headers such as Contact\x01: will be seen as a valid Contact header. This mostly does not pose a problem until Asterisk is placed in tandem with an authenticating SIP proxy. In such a case, a crafty combination of valid and invalid To headers can cause a proxy to allow an INVITE request into Asterisk without authentication since it believes the request is an in-dialog request. However, because of the bug described above, the request will look like an out-of-dialog request to Asterisk. Asterisk will then process the request as a new call. The result is that Asterisk can process calls from unvetted sources without any authentication. If you do not use a proxy for authentication, then this issue does not affect you. If your proxy is dialog-aware (meaning that the proxy keeps track of what dialogs are currently valid), then this issue does not affect you. If you use chan_pjsip instead of chan_sip, then this issue does not affect you.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-285,

Products Affected

Vendor Product Version
digium asterisk 14.0.2
digium asterisk 14.1.0
digium asterisk 11.6.1
digium asterisk 13.8.1
digium asterisk 11.8.0
digium asterisk 11.14.0
digium asterisk 11.10.2
digium asterisk 11.17.1
digium asterisk 13.1.1
digium asterisk 13.12.2
digium asterisk 11.15.0
digium certified_asterisk 11.3.0
digium asterisk 11.2.0
digium certified_asterisk 11.1.0
digium asterisk 11.21.2
digium asterisk 13.0.1
digium asterisk 13.10.0
digium asterisk 13.0.0
digium asterisk 11.0.2
digium asterisk 13.5.0
digium asterisk 11.0.0
digium asterisk 11.12.0
digium asterisk 11.21.0
digium asterisk 13.12.1
digium asterisk 11.7.0
digium asterisk 13.9.1
digium asterisk 11.1.2
digium asterisk 13.4.0
digium certified_asterisk 11.2.0
digium asterisk 11.2.2
digium asterisk 11.15.1
digium asterisk 13.6.0
digium asterisk 11.4.0
digium asterisk 11.20.0
digium asterisk 11.5.0
digium asterisk 13.0.2
digium asterisk 11.21.1
digium asterisk 13.11.2
digium asterisk 11.1.1
digium certified_asterisk 11.4.0
digium asterisk 13.11.1
digium asterisk 11.3.0
digium asterisk 11.14.1
digium asterisk 11.22.0
digium asterisk 14.2.0
digium asterisk 11.12.1
digium asterisk 11.14.2
digium asterisk 11.5.1
digium asterisk 11.10.1
digium asterisk 13.11.0
digium asterisk 14.1.2
digium asterisk 13.1.0
digium asterisk 11.25.0
digium asterisk 13.8.0
digium asterisk 13.13.0
digium asterisk 13.7.1
digium certified_asterisk 11.6.0
digium asterisk 14.0.1
digium asterisk 11.18.0
digium asterisk 11.2.1
digium asterisk 13.2.1
digium asterisk 11.24.1
digium certified_asterisk 11.0.0
digium asterisk 11.8.1
digium asterisk 11.10.0
digium asterisk 13.9.0
digium asterisk 11.1.0
digium asterisk 13.7.0
digium asterisk 13.8.2
digium asterisk 11.9.0
digium asterisk 11.13.0
digium asterisk 11.17.0
digium asterisk 14.1.1
digium asterisk 11.23.1
digium asterisk 13.3.2
digium asterisk 11.11.0
digium asterisk 11.13.1
digium asterisk 11.6.0
digium asterisk 13.3.0
digium asterisk 13.3.1
digium asterisk 11.24.0
digium asterisk 13.7.2
digium asterisk 11.19.0
digium asterisk 11.23.0
digium certified_asterisk 11.6
digium asterisk 11.0.1
digium certified_asterisk 11.5.0
digium asterisk 13.12.0
digium asterisk 14.0.0
digium asterisk 11.16.0
digium asterisk 13.2.0
CVE-2017-14001 HIGH

An Improper Neutralization of Special Elements used in an OS Command issue was discovered in Digium Asterisk GUI 2.1.0 and prior. An OS command injection vulnerability has been identified that may allow the execution of arbitrary code on the system through the inclusion of OS commands in the URL request of the program.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,CWE-78,

Products Affected

Vendor Product Version
digium asterisk_gui *
CVE-2017-14098 MEDIUM

In the pjsip channel driver (res_pjsip) in Asterisk 13.x before 13.17.1 and 14.x before 14.6.1, a carefully crafted tel URI in a From, To, or Contact header could cause Asterisk to crash.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
digium asterisk 14.0.2
digium asterisk 14.1.0
digium asterisk 14.4.0
digium asterisk 13.12
digium asterisk 13.8.1
digium asterisk 13.17.0
digium asterisk 13.1.1
digium asterisk 13.12.2
digium asterisk 14.3.0
digium asterisk 14.3.1
digium asterisk 13.0.1
digium asterisk 13.10.0
digium asterisk 13.0.0
digium asterisk 13.5.0
digium asterisk 14.02
digium asterisk 14.4.1
digium asterisk 13.12.1
digium asterisk 13.9.1
digium asterisk 13.4.0
digium asterisk 14.01
digium asterisk 13.6.0
digium asterisk 13.14.1
digium asterisk 13.14.0
digium asterisk 13.0.2
digium asterisk 13.11.2
digium asterisk 13.13.1
digium asterisk 13.11.1
digium asterisk 14.2.0
digium asterisk 13.11.0
digium asterisk 13.13
digium asterisk 14.1.2
digium asterisk 13.1.0
digium asterisk 13.8.0
digium asterisk 13.13.0
digium asterisk 13.7.1
digium asterisk 13.15.0
digium asterisk 13.16.0
digium asterisk 14.2.1
digium asterisk 14.0.1
digium asterisk 13.2.1
digium asterisk 13.9.0
digium asterisk 13.7.0
digium asterisk 13.8.2
digium asterisk 14.1
digium asterisk 14.0
digium asterisk 14.1.1
digium asterisk 13.3.2
digium asterisk 13.3.0
digium asterisk 13.7.2
digium asterisk 14.2
digium asterisk 14.5.0
digium asterisk 13.12.0
digium asterisk 14.0.0
digium asterisk 13.15.1
digium asterisk 14.6.0
digium asterisk 13.2.0
CVE-2017-14099 MEDIUM

In res/res_rtp_asterisk.c in Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized data disclosure (media takeover in the RTP stack) is possible with careful timing by an attacker. The "strictrtp" option in rtp.conf enables a feature of the RTP stack that learns the source address of media for a session and drops any packets that do not originate from the expected address. This option is enabled by default in Asterisk 11 and above. The "nat" and "rtp_symmetric" options (for chan_sip and chan_pjsip, respectively) enable symmetric RTP support in the RTP stack. This uses the source address of incoming media as the target address of any sent media. This option is not enabled by default, but is commonly enabled to handle devices behind NAT. A change was made to the strict RTP support in the RTP stack to better tolerate late media when a reinvite occurs. When combined with the symmetric RTP support, this introduced an avenue where media could be hijacked. Instead of only learning a new address when expected, the new code allowed a new source address to be learned at all times. If a flood of RTP traffic was received, the strict RTP support would allow the new address to provide media, and (with symmetric RTP enabled) outgoing traffic would be sent to this new address, allowing the media to be hijacked. Provided the attacker continued to send traffic, they would continue to receive traffic as well.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
digium asterisk 14.0.2
digium asterisk 14.1.0
digium asterisk 14.4.0
digium asterisk 11.25.1
digium asterisk 11.8.0
digium asterisk 11.10.2
digium asterisk 11.17.1
digium asterisk 13.12.2
digium asterisk 14.3.0
digium asterisk 11.21.2
digium asterisk 13.0.1
digium asterisk 13.10.0
digium asterisk 13.0.0
digium asterisk 11.0.2
digium asterisk 13.5.0
digium asterisk 11.0.0
digium asterisk 11.12.0
digium asterisk 11.21.0
digium asterisk 13.12.1
digium asterisk 11.1.2
digium asterisk 13.4.0
digium asterisk 14.01
digium asterisk 11.2.2
digium certified_asterisk 13.13
digium asterisk 13.13.1
digium asterisk 11.1.1
digium asterisk 11.22.0
digium asterisk 11.12.1
digium asterisk 13.11.0
digium asterisk 13.13
digium asterisk 14.1.2
digium asterisk 11.25.0
digium asterisk 13.13.0
digium asterisk 13.15.0
digium asterisk 14.2.1
digium asterisk 11.2.1
digium asterisk 11.8.1
digium asterisk 11.1.0
digium asterisk 13.7.0
digium asterisk 13.8.2
digium asterisk 11.13.0
digium asterisk 14.1
digium asterisk 14.1.1
digium asterisk 13.3.2
digium asterisk 11.11.0
digium asterisk 11.13.1
digium asterisk 13.3.0
digium asterisk 13.7.2
digium asterisk 14.2
digium asterisk 14.5.0
digium asterisk 14.0.0
digium asterisk 13.15.1
digium asterisk 14.6.0
digium asterisk 13.12
digium asterisk 11.6.1
digium asterisk 13.8.1
digium asterisk 13.17.0
digium asterisk 11.14.0
digium asterisk 13.1.1
digium asterisk 11.15.0
digium asterisk 14.3.1
digium asterisk 11.2.0
digium asterisk 14.02
digium asterisk 14.4.1
digium asterisk 11.7.0
digium asterisk 13.9.1
digium asterisk 11.15.1
digium asterisk 13.6.0
digium asterisk 11.4.0
digium asterisk 13.14.1
digium asterisk 11.20.0
digium asterisk 13.14.0
digium asterisk 13.0.2
digium asterisk 11.21.1
digium asterisk 13.11.2
digium asterisk 13.11.1
digium asterisk 11.14.1
digium asterisk 14.2.0
digium asterisk 11.14.2
digium asterisk 11.10.1
digium asterisk 13.1.0
digium asterisk 13.8.0
digium asterisk 13.7.1
digium asterisk 13.16.0
digium asterisk 14.0.1
digium asterisk 11.18.0
digium asterisk 13.2.1
digium asterisk 11.24.1
digium asterisk 11.10.0
digium asterisk 13.9.0
digium asterisk 11.9.0
digium asterisk 14.0
digium asterisk 11.17.0
digium asterisk 11.23.1
digium asterisk 11.6.0
digium asterisk 11.24.0
digium asterisk 11.19.0
digium asterisk 11.23.0
digium certified_asterisk 11.6
digium asterisk 11.0.1
digium asterisk 13.12.0
digium asterisk 11.16.0
digium asterisk 13.2.0
CVE-2017-14100 HIGH

In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized command execution is possible. The app_minivm module has an "externnotify" program configuration option that is executed by the MinivmNotify dialplan application. The application uses the caller-id name and number as part of a built string passed to the OS shell for interpretation and execution. Since the caller-id name and number can come from an untrusted source, a crafted caller-id name or number allows an arbitrary shell command injection.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
digium asterisk 14.0.2
digium asterisk 14.1.0
digium asterisk 14.4.0
digium asterisk 11.25.1
digium asterisk 11.8.0
digium asterisk 11.10.2
digium asterisk 11.17.1
digium asterisk 13.12.2
digium asterisk 14.3.0
digium asterisk 11.21.2
digium asterisk 13.0.1
digium asterisk 13.10.0
digium asterisk 13.0.0
digium asterisk 11.0.2
digium asterisk 13.5.0
digium asterisk 11.0.0
digium asterisk 11.12.0
digium asterisk 11.21.0
digium asterisk 13.12.1
digium asterisk 11.1.2
digium asterisk 13.4.0
digium asterisk 14.01
digium asterisk 11.2.2
digium certified_asterisk 13.13
digium asterisk 13.13.1
digium asterisk 11.1.1
digium asterisk 11.22.0
digium asterisk 11.12.1
digium asterisk 13.11.0
digium asterisk 13.13
digium asterisk 14.1.2
digium asterisk 11.25.0
digium asterisk 13.13.0
digium asterisk 13.15.0
digium asterisk 14.2.1
digium asterisk 11.2.1
digium asterisk 11.8.1
digium asterisk 11.1.0
digium asterisk 13.7.0
digium asterisk 13.8.2
digium asterisk 11.13.0
digium asterisk 14.1
digium asterisk 14.1.1
digium asterisk 13.3.2
digium asterisk 11.11.0
digium asterisk 11.13.1
digium asterisk 13.3.0
digium asterisk 13.7.2
digium asterisk 14.2
digium asterisk 14.5.0
digium asterisk 14.0.0
digium asterisk 13.15.1
digium asterisk 14.6.0
digium asterisk 13.12
digium asterisk 11.6.1
digium asterisk 13.8.1
digium asterisk 13.17.0
digium asterisk 11.14.0
digium asterisk 13.1.1
digium asterisk 11.15.0
digium asterisk 14.3.1
digium asterisk 11.2.0
digium asterisk 14.02
digium asterisk 14.4.1
digium asterisk 11.7.0
digium asterisk 13.9.1
digium asterisk 11.15.1
digium asterisk 13.6.0
digium asterisk 11.4.0
digium asterisk 13.14.1
digium asterisk 11.20.0
digium asterisk 13.14.0
digium asterisk 13.0.2
digium asterisk 11.21.1
digium asterisk 13.11.2
digium asterisk 13.11.1
digium asterisk 11.14.1
digium asterisk 14.2.0
digium asterisk 11.14.2
digium asterisk 11.10.1
digium asterisk 13.1.0
digium asterisk 13.8.0
digium asterisk 13.7.1
digium asterisk 13.16.0
digium asterisk 14.0.1
digium asterisk 11.18.0
digium asterisk 13.2.1
digium asterisk 11.24.1
digium asterisk 11.10.0
digium asterisk 13.9.0
digium asterisk 11.9.0
digium asterisk 14.0
digium asterisk 11.17.0
digium asterisk 11.23.1
digium asterisk 11.6.0
digium asterisk 11.24.0
digium asterisk 11.19.0
digium asterisk 11.23.0
digium certified_asterisk 11.6
digium asterisk 11.0.1
digium asterisk 13.12.0
digium asterisk 11.16.0
digium asterisk 13.2.0
CVE-2017-14603 MEDIUM

In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before 14.6.2 and Certified Asterisk 11.x before 11.6-cert18 and 13.x before 13.13-cert6, insufficient RTCP packet validation could allow reading stale buffer contents and when combined with the "nat" and "symmetric_rtp" options allow redirecting where Asterisk sends the next RTCP report.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
digium asterisk 14.0.2
digium asterisk 14.1.0
digium asterisk 14.4.0
digium asterisk 11.25.1
digium asterisk 11.8.0
digium asterisk 11.10.2
digium asterisk 11.17.1
digium asterisk 13.12.2
digium asterisk 14.3.0
digium asterisk 11.21.2
digium asterisk 13.0.1
digium asterisk 13.10.0
digium asterisk 13.0.0
digium asterisk 11.0.2
digium asterisk 13.5.0
digium asterisk 11.0.0
digium asterisk 11.12.0
digium asterisk 11.21.0
digium asterisk 13.12.1
digium asterisk 11.1.2
digium asterisk 13.4.0
digium asterisk 14.01
digium asterisk 11.2.2
digium certified_asterisk 13.13
digium asterisk 13.13.1
digium asterisk 11.1.1
digium asterisk 11.22.0
digium asterisk 11.12.1
digium asterisk 13.11.0
digium asterisk 13.13
digium asterisk 14.1.2
digium asterisk 11.25.0
digium asterisk 13.13.0
digium asterisk 13.15.0
digium asterisk 14.2.1
digium asterisk 11.2.1
digium asterisk 11.8.1
digium asterisk 11.1.0
digium asterisk 13.7.0
digium asterisk 13.8.2
digium asterisk 11.13.0
digium asterisk 14.1
digium asterisk 14.1.1
digium asterisk 13.3.2
digium asterisk 11.11.0
digium asterisk 11.13.1
digium asterisk 13.3.0
digium asterisk 13.7.2
digium asterisk 14.2
digium asterisk 14.5.0
digium asterisk 14.0.0
digium asterisk 13.15.1
digium asterisk 14.6.0
digium asterisk 13.12
digium asterisk 11.6.1
digium asterisk 13.8.1
digium asterisk 13.17.0
digium asterisk 11.14.0
digium asterisk 13.1.1
digium asterisk 11.15.0
digium asterisk 14.3.1
digium asterisk 11.2.0
digium asterisk 14.02
digium asterisk 14.4.1
digium asterisk 11.7.0
digium asterisk 13.9.1
digium asterisk 11.15.1
digium asterisk 13.6.0
digium asterisk 11.4.0
digium asterisk 13.14.1
digium asterisk 11.20.0
digium asterisk 13.14.0
digium asterisk 13.0.2
digium asterisk 11.21.1
digium asterisk 13.11.2
digium asterisk 13.11.1
digium asterisk 11.14.1
digium asterisk 14.2.0
digium asterisk 11.14.2
digium asterisk 11.10.1
digium asterisk 13.1.0
digium asterisk 13.8.0
digium asterisk 13.7.1
digium asterisk 13.16.0
digium asterisk 14.0.1
digium asterisk 11.18.0
digium asterisk 13.2.1
digium asterisk 11.24.1
digium asterisk 11.10.0
digium asterisk 13.9.0
digium asterisk 11.9.0
digium asterisk 14.0
digium asterisk 11.17.0
digium asterisk 11.23.1
digium asterisk 11.6.0
digium asterisk 11.24.0
digium asterisk 11.19.0
digium asterisk 11.23.0
digium certified_asterisk 11.6
digium asterisk 11.0.1
digium asterisk 13.12.0
digium asterisk 11.16.0
digium asterisk 13.2.0
CVE-2017-16671 MEDIUM

A Buffer Overflow issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. No size checking is done when setting the user field for Party B on a CDR. Thus, it is possible for someone to use an arbitrarily large string and write past the end of the user field storage buffer. NOTE: this is different from CVE-2017-7617, which was only about the Party A buffer.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
digium certified_asterisk 13.13.0
digium asterisk *
CVE-2017-16672 MEDIUM

An issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. A memory leak occurs when an Asterisk pjsip session object is created and that call gets rejected before the session itself is fully established. When this happens the session object never gets destroyed. Eventually Asterisk can run out of memory and crash.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-772,

Products Affected

Vendor Product Version
digium certified_asterisk 13.13.0
digium asterisk *
CVE-2017-17090 MEDIUM

An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. If the chan_skinny (aka SCCP protocol) channel driver is flooded with certain requests, it can cause the asterisk process to use excessive amounts of virtual memory, eventually causing asterisk to stop processing requests of any kind.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-459,

Products Affected

Vendor Product Version
digium asterisk *
digium certified_asterisk 13.13
digium certified_asterisk *
CVE-2017-17664 MEDIUM

A Remote Crash issue was discovered in Asterisk Open Source 13.x before 13.18.4, 14.x before 14.7.4, and 15.x before 15.1.4 and Certified Asterisk before 13.13-cert9. Certain compound RTCP packets cause a crash in the RTCP Stack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
digium asterisk *
digium certified_asterisk 13.13
digium certified_asterisk *
CVE-2017-17850 MEDIUM

An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and the PJSIP channel driver was used, Asterisk would crash. The severity of this vulnerability is somewhat mitigated if authentication is enabled. If authentication is enabled, a user would have to first be authorized before reaching the crash point.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
digium asterisk *
digium certified_asterisk 13.8
digium certified_asterisk 13.1.0
CVE-2017-7617 MEDIUM

Remote code execution can occur in Asterisk Open Source 13.x before 13.14.1 and 14.x before 14.3.1 and Certified Asterisk 13.13 before 13.13-cert3 because of a buffer overflow in a CDR user field, related to X-ClientCode in chan_sip, the CDR dialplan function, and the AMI Monitor action.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
digium asterisk 14.0.2
digium asterisk 14.1.0
digium asterisk 13.12
digium asterisk 14.2.0
digium asterisk 13.8.1
digium asterisk 13.11.0
digium asterisk 13.13
digium asterisk 14.1.2
digium asterisk 13.1.0
digium asterisk 13.1.1
digium asterisk 13.12.2
digium asterisk 13.8.0
digium asterisk 14.3.0
digium asterisk 13.13.0
digium certified_asterisk *
digium asterisk 13.7.1
digium asterisk 13.0.1
digium asterisk 14.2.1
digium asterisk 13.10.0
digium asterisk 14.0.1
digium asterisk 13.2.1
digium asterisk 13.0.0
digium asterisk 13.5.0
digium asterisk 14.02
digium asterisk 13.9.0
digium asterisk 13.7.0
digium asterisk 13.8.2
digium asterisk 13.12.1
digium asterisk 13.9.1
digium asterisk 14.1
digium asterisk 13.4.0
digium asterisk 14.01
digium asterisk 14.0
digium asterisk 14.1.1
digium asterisk 13.3.2
digium asterisk 13.3.0
digium asterisk 13.6.0
digium asterisk 13.7.2
digium asterisk 13.14.0
digium asterisk 14.2
digium asterisk 13.0.2
digium asterisk 13.11.2
digium asterisk 13.12.0
digium asterisk 14.0.0
digium asterisk 13.11.1
digium asterisk 13.2.0
CVE-2017-9359 MEDIUM

The multi-part body parser in PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
digium open_source 13.3.0
digium open_source 13.10.0
digium open_source 13.12.2
digium certified_asterisk 13.13.0
digium open_source 13.2.0
digium open_source 13.5.0
digium open_source 13.12.1
digium open_source 13.6.0
digium open_source 13.12.0
digium open_source 13.4.0
digium open_source 13.11.0
digium open_source 13.8.1
digium open_source 14.2.0
digium open_source 13.8.2
digium open_source 13.7.0
digium open_source 13.13.0
digium open_source 13.8.0
digium open_source 13.14.0
digium open_source 13.1.0
digium open_source 13.9.0
digium open_source 13.15.0
digium open_source 13.0.0
CVE-2017-9372 MEDIUM

PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (buffer overflow and application crash) via a SIP packet with a crafted CSeq header in conjunction with a Via header that lacks a branch parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
digium open_source 14.4.0
digium open_source 13.12.2
digium open_source 13.2.0
digium open_source 13.5.0
digium open_source 13.6.0
digium open_source 14.2.1
digium open_source 13.11.0
digium open_source 14.2.0
digium open_source 13.7.0
digium open_source 13.13.0
digium open_source 13.1.0
digium open_source 13.3.0
digium open_source 13.10.0
digium certified_asterisk 13.13.0
digium open_source 14.0.0
digium open_source 13.12.1
digium open_source 13.12.0
digium open_source 13.4.0
digium open_source 13.8.1
digium open_source 13.8.2
digium open_source 13.8.0
digium open_source 13.14.0
digium open_source 14.3.0
digium open_source 13.9.0
digium open_source 13.15.0
digium open_source 14.1.0
digium open_source 13.0.0
CVE-2018-12227 MEDIUM

An issue was discovered in Asterisk Open Source 13.x before 13.21.1, 14.x before 14.7.7, and 15.x before 15.4.1 and Certified Asterisk 13.18-cert before 13.18-cert4 and 13.21-cert before 13.21-cert2. When endpoint specific ACL rules block a SIP request, they respond with a 403 forbidden. However, if an endpoint is not identified, then a 401 unauthorized response is sent. This vulnerability just discloses which requests hit a defined endpoint. The ACL rules cannot be bypassed to gain access to the disclosed endpoints.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
debian debian_linux 9.0
digium asterisk *
digium certified_asterisk 13.18
digium certified_asterisk 13.21
CVE-2018-17281 MEDIUM

There is a stack consumption vulnerability in the res_http_websocket.so module of Asterisk through 13.23.0, 14.7.x through 14.7.7, and 15.x through 15.6.0 and Certified Asterisk through 13.21-cert2. It allows an attacker to crash Asterisk via a specially crafted HTTP request to upgrade the connection to a websocket.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
debian debian_linux 9.0
digium asterisk *
digium certified_asterisk 13.13
digium certified_asterisk 13.21
digium certified_asterisk 11.6
debian debian_linux 8.0
digium certified_asterisk 13.8
digium certified_asterisk 13.1
CVE-2018-19278 MEDIUM

Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x before 15.6.2 and 16.x before 16.0.1 allows remote attackers to crash Asterisk via a specially crafted DNS SRV or NAPTR response, because a buffer size is supposed to match an expanded length but actually matches a compressed length.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
digium asterisk 15.2.0
digium asterisk 15.5.0
digium asterisk 15.1.0
digium asterisk 15.1.3
digium asterisk 15.4.0
digium asterisk 15.6.1
digium asterisk 15.2.1
digium asterisk 15.1.2
digium asterisk 15.6.0
digium asterisk 16.0.0
digium asterisk 16.0.1
digium asterisk 15.0.0
digium asterisk 15.1.5
digium asterisk 15.1.4
digium asterisk 15.3.0
digium asterisk 15.2.2
digium asterisk 15.4.1
CVE-2018-7284 MEDIUM

A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the res_pjsip_pubsub module stores the accepted formats present in the Accept headers of the request. This code did not limit the number of headers it processed, despite having a fixed limit of 32. If more than 32 Accept headers were present, the code would write outside of its memory and cause a crash.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
debian debian_linux 9.0
digium asterisk *
digium certified_asterisk 13.18
digium certified_asterisk *
CVE-2018-7285 MEDIUM

A NULL pointer access issue was discovered in Asterisk 15.x through 15.2.1. The RTP support in Asterisk maintains its own registry of dynamic codecs and desired payload numbers. While an SDP negotiation may result in a codec using a different payload number, these desired ones are still stored internally. When an RTP packet was received, this registry would be consulted if the payload number was not found in the negotiated SDP. This registry was incorrectly consulted for all packets, even those which are dynamic. If the payload number resulted in a codec of a different type than the RTP stream (for example, the payload number resulted in a video codec but the stream carried audio), a crash could occur if no stream of that type had been negotiated. This was due to the code incorrectly assuming that a stream of that type would always exist.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
digium asterisk *
CVE-2018-7286 MEDIUM

An issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. res_pjsip allows remote authenticated users to crash Asterisk (segmentation fault) by sending a number of SIP INVITE messages on a TCP or TLS connection and then suddenly closing the connection.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
debian debian_linux 9.0
digium asterisk *
digium certified_asterisk *
digium asterisk 13.19.1
CVE-2018-7287 MEDIUM

An issue was discovered in res_http_websocket.c in Asterisk 15.x through 15.2.1. If the HTTP server is enabled (default is disabled), WebSocket payloads of size 0 are mishandled (with a busy loop).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-754,

Products Affected

Vendor Product Version
digium asterisk 15.2.0
digium asterisk 15.1.0
digium asterisk 15.1.1
digium asterisk 15.1.3
digium asterisk 15.0.0
digium asterisk 15.1.5
digium asterisk 15.1.4
digium asterisk 15.2.1
digium asterisk 15.1.2
CVE-2019-12827 MEDIUM

Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and earlier allows remote authenticated users to crash Asterisk by sending a specially crafted SIP MESSAGE message.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
digium asterisk *
digium certified_asterisk 13.21
CVE-2019-13161 LOW

An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x through 15.7.2, and 16.x through 16.4.0, and Certified Asterisk through 13.21-cert3. A pointer dereference in chan_sip while handling SDP negotiation allows an attacker to crash Asterisk when handling an SDP answer to an outgoing T.38 re-invite. To exploit this vulnerability an attacker must cause the chan_sip module to send a T.38 re-invite request to them. Upon receipt, the attacker must send an SDP answer containing both a T.38 UDPTL stream and another media stream containing only a codec (which is not permitted according to the chan_sip configuration).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 1.6 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-476,

Products Affected

Vendor Product Version
debian debian_linux 9.0
digium certified_asterisk 1.8.28
digium certified_asterisk 1.8.1.0
digium certified_asterisk 13.18
digium certified_asterisk 13.13-cert2
debian debian_linux 8.0
digium certified_asterisk 1.8.4.0
digium certified_asterisk 11.3.0
digium certified_asterisk 13.8
digium certified_asterisk 11.1.0
digium certified_asterisk 11.6.0
digium certified_asterisk 11.2
digium certified_asterisk 1.8.10.0
digium certified_asterisk 1.8.14.0
digium certified_asterisk 11.0.0
digium certified_asterisk 13.8.0
digium certified_asterisk 1.8.0.0
digium certified_asterisk 1.8.5.0
digium certified_asterisk 1.8.15
digium asterisk *
digium certified_asterisk 1.8.13.0
digium certified_asterisk 13.21
digium certified_asterisk 1.8.2.0
digium certified_asterisk 1.8.6.0
digium certified_asterisk 13.1.0
digium certified_asterisk 1.8.11
digium certified_asterisk 1.8.7.0
digium certified_asterisk 1.8.28.0
digium certified_asterisk 1.8.9.0
digium certified_asterisk 1.8.8.0
digium certified_asterisk 1.8.12.0
digium certified_asterisk 13.13
digium certified_asterisk 1.8.11.0
digium certified_asterisk 11.6
digium certified_asterisk 11.4.0
digium certified_asterisk 11.5.0
digium certified_asterisk 1.8.3.0
digium certified_asterisk 13.1
CVE-2019-15297 MEDIUM

res_pjsip_t38 in Sangoma Asterisk 15.x before 15.7.4 and 16.x before 16.5.1 allows an attacker to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk. The crash occurs because of a NULL session media object dereference.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
digium asterisk *
CVE-2019-15639 MEDIUM

main/translate.c in Sangoma Asterisk 13.28.0 and 16.5.0 allows a remote attacker to send a specific RTP packet during a call and cause a crash in a specific scenario.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
digium asterisk *
CVE-2019-18610 HIGH

An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-cert4. A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafted Originate AMI request to execute arbitrary system commands.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-862,

Products Affected

Vendor Product Version
debian debian_linux 9.0
digium asterisk *
digium certified_asterisk 13.21.0
debian debian_linux 8.0
CVE-2019-18790 MEDIUM

An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x before 13.29.2, 16.x before 16.6.2, and 17.x before 17.0.1, and Certified Asterisk 13.21 before cert5. A SIP request can be sent to Asterisk that can change a SIP peer's IP address. A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that needs to be known is the peer's name; authentication details such as passwords do not need to be known. This vulnerability is only exploitable when the nat option is set to the default, or auto_force_rport.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-862,

Products Affected

Vendor Product Version
debian debian_linux 9.0
digium asterisk *
digium certified_asterisk 13.21.0
debian debian_linux 8.0
CVE-2019-18976 MEDIUM

An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a NULL pointer dereference and crash will occur. This is different from CVE-2019-18940.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
debian debian_linux 9.0
digium asterisk *
digium certified_asterisk 13.21
CVE-2019-7251 MEDIUM

An Integer Signedness issue (for a return code) in the res_pjsip_sdp_rtp module in Digium Asterisk versions 15.7.1 and earlier and 16.1.1 and earlier allows remote authenticated users to crash Asterisk via a specially crafted SDP protocol violation.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
digium asterisk *
CVE-2020-28327 LOW

A res_pjsip_session crash was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1. and Certified Asterisk before 16.8-cert5. Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced. This caused a gap between the creation of the dialog object, and its next use by the thread that created it. Depending on some off-nominal circumstances and timing, it was possible for another thread to free said dialog in this gap. Asterisk could then crash when the dialog object, or any of its dependent objects, were dereferenced or accessed next by the initial-creation thread. Note, however, that this crash can only occur when using a connection-oriented protocol (e.g., TCP or TLS, but not UDP) for SIP transport. Also, the remote client must be authenticated, or Asterisk must be configured for anonymous calling.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H 1.6 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-404,

Products Affected

Vendor Product Version
sangoma asterisk *
digium certified_asterisk 16.8
CVE-2020-35652 MEDIUM

An issue was discovered in res_pjsip_diversion.c in Sangoma Asterisk before 13.38.0, 14.x through 16.x before 16.15.0, 17.x before 17.9.0, and 18.x before 18.1.0. A crash can occur when a SIP message is received with a History-Info header that contains a tel-uri, or when a SIP 181 response is received that contains a tel-uri in the Diversion header.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
digium asterisk *
CVE-2020-35776 MEDIUM

A buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk versions 13.38.1, 16.15.1, 17.9.1, and 18.1.1 allows remote attacker to crash Asterisk by deliberately misusing SIP 181 responses.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
digium asterisk *
CVE-2021-26712 MEDIUM

Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated attacker to prematurely terminate secure calls by replaying SRTP packets.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
digium asterisk *
digium certified_asterisk 16.8
CVE-2021-26713 MEDIUM

A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6 allows an authenticated WebRTC client to cause an Asterisk crash by sending multiple hold/unhold requests in quick succession. This is caused by a signedness comparison mismatch.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
digium asterisk *
digium certified_asterisk 16.8
CVE-2021-26717 MEDIUM

An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6. When re-negotiating for T.38, if the initial remote response was delayed just enough, Asterisk would send both audio and T.38 in the SDP. If this happened, and the remote responded with a declined T.38 stream, then Asterisk would crash.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
digium asterisk *
digium certified_asterisk 16.8
CVE-2021-26906 MEDIUM

An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through 16.8-cert5. An SDP negotiation vulnerability in PJSIP allows a remote server to potentially crash Asterisk by sending specific SIP responses that cause an SDP negotiation failure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-404,

Products Affected

Vendor Product Version
digium asterisk *
digium certified_asterisk 16.8
CVE-2021-31878 MEDIUM

An issue was discovered in PJSIP in Asterisk before 16.19.1 and before 18.5.1. To exploit, a re-INVITE without SDP must be received after Asterisk has sent a BYE request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-617,

Products Affected

Vendor Product Version
digium asterisk 18.4.0
digium asterisk 16.18.0
digium asterisk 16.19.0
digium asterisk 16.17.0
digium asterisk 18.5.0
digium asterisk 18.3.0
CVE-2021-32558 MEDIUM

An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and Certified Asterisk before 16.8-cert10. If the IAX2 channel driver receives a packet that contains an unsupported media format, a crash can occur.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
debian debian_linux 9.0
digium asterisk *
digium certified_asterisk 16.8
debian debian_linux 11.0
CVE-2021-46837

res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. This is a re-occurrence of the CVE-2019-15297 symptoms but not for exactly the same reason. The crash occurs because there is an append operation relative to the active topology, but this should instead be a replace operation.

Products Affected

Vendor Product Version
debian debian_linux 9.0
asterisk certified_asterisk 16.8.0
digium asterisk *
debian debian_linux 10.0
debian debian_linux 11.0
CVE-2022-26498 MEDIUM

An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download files that are not certificates. These files could be much larger than what one would expect to download, leading to Resource Exhaustion. This is fixed in 16.25.2, 18.11.2, and 19.3.2.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
digium asterisk *
debian debian_linux 10.0
debian debian_linux 11.0
CVE-2022-26499 MEDIUM

An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it's possible to send arbitrary requests (such as GET) to interfaces such as localhost by using the Identity header. This is fixed in 16.25.2, 18.11.2, and 19.3.2.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,

Products Affected

Vendor Product Version
digium asterisk *
debian debian_linux 10.0
debian debian_linux 11.0
CVE-2022-26651 HIGH

An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The func_odbc module provides possibly inadequate escaping functionality for backslash characters in SQL queries, resulting in user-provided data creating a broken SQL query or possibly a SQL injection. This is fixed in 16.25.2, 18.11.2, and 19.3.2, and 16.8-cert14.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
digium asterisk *
debian debian_linux 10.0
digium certified_asterisk 16.8
debian debian_linux 11.0
CVE-2023-37457

Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the 'update' functionality is not used the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H 3.9 4.2
security-advisories@github.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
sangoma certified_asterisk 13.13.0
sangoma certified_asterisk 16.8.0
digium asterisk *
digium asterisk 21.0.0
sangoma certified_asterisk 18.9
CVE-2023-49294

Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
security-advisories@github.com 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6

Products Affected

Vendor Product Version
sangoma certified_asterisk 13.13.0
sangoma certified_asterisk 16.8.0
digium asterisk *
digium asterisk 21.0.0
sangoma certified_asterisk 18.9
CVE-2023-49786

Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable Asterisk servers for calls that rely on DTLS-SRTP. Commit d7d7764cb07c8a1872804321302ef93bf62cba05 contains a fix, which is part of versions 18.20.1, 20.5.1, 21.0.1, amd 18.9-cert6.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6

Products Affected

Vendor Product Version
sangoma certified_asterisk 13.13.0
sangoma certified_asterisk 16.8.0
digium asterisk *
digium asterisk 21.0.0
sangoma certified_asterisk 18.9