Vulnerabilities > Digium > Asterisk > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-17 | CVE-2016-7551 | Resource Management Errors vulnerability in multiple products chain_sip in Asterisk Open Source 11.x before 11.23.1 and 13.x 13.11.1 and Certified Asterisk 11.6 before 11.6-cert15 and 13.8 before 13.8-cert3 allows remote attackers to cause a denial of service (port exhaustion). | 7.5 |
| 2017-04-10 | CVE-2017-7617 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Digium Asterisk Remote code execution can occur in Asterisk Open Source 13.x before 13.14.1 and 14.x before 14.3.1 and Certified Asterisk 13.13 before 13.13-cert3 because of a buffer overflow in a CDR user field, related to X-ClientCode in chan_sip, the CDR dialplan function, and the AMI Monitor action. | 8.8 |
| 2016-12-12 | CVE-2016-9937 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Digium Asterisk An issue was discovered in Asterisk Open Source 13.12.x and 13.13.x before 13.13.1 and 14.x before 14.2.1. | 7.5 |
| 2007-07-31 | CVE-2007-4103 | Missing Release of Resource after Effective Lifetime vulnerability in Digium Asterisk and Asterisk Appliance Developer KIT The IAX2 channel driver (chan_iax2) in Asterisk Open 1.2.x before 1.2.23, 1.4.x before 1.4.9, and Asterisk Appliance Developer Kit before 0.6.0, when configured to allow unauthenticated calls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of calls that do not complete a 3-way handshake, which causes an ast_channel to be allocated but not released. | 7.5 |