Vulnerabilities > Digium > Certified Asterisk > 13.13.0

DATE CVE VULNERABILITY TITLE RISK
2017-11-09 CVE-2017-16672 Missing Release of Resource after Effective Lifetime vulnerability in Digium Asterisk and Certified Asterisk
An issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7.
network
digium CWE-772
4.3
4.3
2017-11-09 CVE-2017-16671 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Digium Asterisk and Certified Asterisk
A Buffer Overflow issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7.
network
low complexity
digium CWE-119
6.5
6.5
2017-06-02 CVE-2017-9372 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Digium Certified Asterisk and Open Source
PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (buffer overflow and application crash) via a SIP packet with a crafted CSeq header in conjunction with a Via header that lacks a branch parameter.
network
low complexity
digium CWE-119
5.0
5.0
2017-06-02 CVE-2017-9359 Out-of-bounds Read vulnerability in Digium Certified Asterisk and Open Source
The multi-part body parser in PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.
network
low complexity
digium CWE-125
5.0
5.0