Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Asterisk
(Sangoma)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 14 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2012-08-31 | CVE-2012-2186 | Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action. | Business_edition, Certified_asterisk, Digiumphones, Open_source, Asterisk | N/A | ||
| 2017-06-02 | CVE-2017-9358 | A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop). | Certified_asterisk, Asterisk | 7.5 | ||
| 2018-06-12 | CVE-2018-12228 | An issue was discovered in Asterisk Open Source 15.x before 15.4.1. When connected to Asterisk via TCP/TLS, if the client abruptly disconnects, or sends a specially crafted message, then Asterisk gets caught in an infinite loop while trying to read the data stream. This renders the system unusable. | Asterisk | 6.5 | ||
| 2019-10-29 | CVE-2009-3723 | asterisk allows calls on prohibited networks | Debian_linux, Asterisk | 7.5 |