Vulnerabilities > Digium > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-02 | CVE-2017-14098 | Improper Input Validation vulnerability in Digium Asterisk In the pjsip channel driver (res_pjsip) in Asterisk 13.x before 13.17.1 and 14.x before 14.6.1, a carefully crafted tel URI in a From, To, or Contact header could cause Asterisk to crash. | 7.5 |
| 2017-06-02 | CVE-2017-9372 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Digium Certified Asterisk and Open Source PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (buffer overflow and application crash) via a SIP packet with a crafted CSeq header in conjunction with a Via header that lacks a branch parameter. | 7.5 |
| 2017-06-02 | CVE-2017-9359 | Out-of-bounds Read vulnerability in Digium Certified Asterisk and Open Source The multi-part body parser in PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. | 7.5 |
| 2017-04-17 | CVE-2016-7551 | Resource Management Errors vulnerability in multiple products chain_sip in Asterisk Open Source 11.x before 11.23.1 and 13.x 13.11.1 and Certified Asterisk 11.6 before 11.6-cert15 and 13.8 before 13.8-cert3 allows remote attackers to cause a denial of service (port exhaustion). | 7.5 |
| 2017-04-10 | CVE-2017-7617 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Digium Asterisk Remote code execution can occur in Asterisk Open Source 13.x before 13.14.1 and 14.x before 14.3.1 and Certified Asterisk 13.13 before 13.13-cert3 because of a buffer overflow in a CDR user field, related to X-ClientCode in chan_sip, the CDR dialplan function, and the AMI Monitor action. | 8.8 |
| 2016-12-12 | CVE-2016-9937 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Digium Asterisk An issue was discovered in Asterisk Open Source 13.12.x and 13.13.x before 13.13.1 and 14.x before 14.2.1. | 7.5 |
| 2007-07-31 | CVE-2007-4103 | Missing Release of Resource after Effective Lifetime vulnerability in Digium Asterisk and Asterisk Appliance Developer KIT The IAX2 channel driver (chan_iax2) in Asterisk Open 1.2.x before 1.2.23, 1.4.x before 1.4.9, and Asterisk Appliance Developer Kit before 0.6.0, when configured to allow unauthenticated calls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of calls that do not complete a 3-way handshake, which causes an ast_channel to be allocated but not released. | 7.5 |