Vulnerabilities > Asterisk > Open Source
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-11-06 | CVE-2020-28327 | Improper Resource Shutdown or Release vulnerability in multiple products A res_pjsip_session crash was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1. | 2.1 |
2020-11-06 | CVE-2020-28242 | Uncontrolled Recursion vulnerability in multiple products An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Certified Asterisk before 16.8-cert5. | 6.5 |
2019-10-29 | CVE-2009-3723 | Incorrect Authorization vulnerability in multiple products asterisk allows calls on prohibited networks | 5.0 |
2018-06-12 | CVE-2018-12228 | Infinite Loop vulnerability in Asterisk Open Source An issue was discovered in Asterisk Open Source 15.x before 15.4.1. | 6.8 |
2017-06-02 | CVE-2017-9358 | Infinite Loop vulnerability in Asterisk Certified Asterisk and Open Source A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop). | 5.0 |
2013-04-01 | CVE-2013-2686 | Buffer Errors vulnerability in Asterisk Certified Asterisk, Digiumphones and Open Source main/http.c in the HTTP server in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones does not properly restrict Content-Length values, which allows remote attackers to conduct stack-consumption attacks and cause a denial of service (daemon crash) via a crafted HTTP POST request. | 5.0 |
2013-04-01 | CVE-2013-2685 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Asterisk Open Source Stack-based buffer overflow in res/res_format_attr_h264.c in Asterisk Open Source 11.x before 11.2.2 allows remote attackers to execute arbitrary code via a long sprop-parameter-sets H.264 media attribute in a SIP Session Description Protocol (SDP) header. | 7.5 |
2013-04-01 | CVE-2013-2264 | Information Exposure vulnerability in Asterisk products The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; Asterisk Business Edition (BE) C.3.x before C.3.8.1; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones exhibits different behavior for invalid INVITE, SUBSCRIBE, and REGISTER transactions depending on whether the user account exists, which allows remote attackers to enumerate account names by (1) reading HTTP status codes, (2) reading additional text in a 403 (aka Forbidden) response, or (3) observing whether certain retransmissions occur. | 5.0 |
2012-08-31 | CVE-2012-2186 | Unspecified vulnerability in Asterisk products Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action. | 9.0 |
2012-06-02 | CVE-2012-2948 | Resource Management Errors vulnerability in Asterisk Certified Asterisk and Open Source chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by closing a connection in off-hook mode. | 4.0 |