Vulnerabilities > Asterisk

DATE CVE VULNERABILITY TITLE RISK
2022-08-30 CVE-2021-46837 NULL Pointer Dereference vulnerability in multiple products
res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk.
network
low complexity
asterisk digium debian CWE-476
6.5
2022-02-22 CVE-2022-23608 Use After Free vulnerability in multiple products
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE.
network
low complexity
teluu asterisk sangoma debian CWE-416
critical
9.8
2022-01-27 CVE-2022-21723 Out-of-bounds Read vulnerability in multiple products
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE.
network
low complexity
teluu asterisk sangoma debian CWE-125
critical
9.1
2021-12-22 CVE-2021-37706 Integer Underflow (Wrap or Wraparound) vulnerability in multiple products
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE.
network
low complexity
teluu asterisk sangoma debian CWE-191
critical
9.8
2020-11-06 CVE-2020-28327 Improper Resource Shutdown or Release vulnerability in multiple products
A res_pjsip_session crash was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1.
network
high complexity
asterisk digium CWE-404
2.1
2020-11-06 CVE-2020-28242 Uncontrolled Recursion vulnerability in multiple products
An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Certified Asterisk before 16.8-cert5.
network
low complexity
asterisk fedoraproject debian CWE-674
6.5
2019-10-29 CVE-2009-3723 Incorrect Authorization vulnerability in multiple products
asterisk allows calls on prohibited networks
network
low complexity
asterisk debian CWE-863
5.0
2018-06-12 CVE-2018-12228 Infinite Loop vulnerability in Asterisk Open Source
An issue was discovered in Asterisk Open Source 15.x before 15.4.1.
network
low complexity
asterisk CWE-835
6.8
2017-06-02 CVE-2017-9358 Infinite Loop vulnerability in Asterisk Certified Asterisk and Open Source
A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop).
network
low complexity
asterisk CWE-835
5.0
2013-04-01 CVE-2013-2686 Buffer Errors vulnerability in Asterisk Certified Asterisk, Digiumphones and Open Source
main/http.c in the HTTP server in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones does not properly restrict Content-Length values, which allows remote attackers to conduct stack-consumption attacks and cause a denial of service (daemon crash) via a crafted HTTP POST request.
network
low complexity
asterisk CWE-119
5.0