pkg:Debian/asterisk

244 total CVEsCRITICAL31HIGH53MEDIUM36

✅ Check your installed version

All known vulnerabilities

  • CRITICAL9.8CVE-2026-40892PJSIP is a free and open source multimedia communication library written in C.
    from 0
  • CRITICAL9.8CVE-2026-32945PJSIP is a free and open source multimedia communication library written in C.
    from 0
  • CRITICAL9.8CVE-2026-25994PJSIP is a free and open source multimedia communication library written in C.
    from 0
  • CRITICAL9.8CVE-2024-57520Insecure Permissions vulnerability in asterisk v22 allows a remote attacker to execute arbitrary code via the action_createconfig function.
    from 0
  • CRITICAL9.8CVE-2023-38703PJSIP is a free and open source multimedia communication library written in C with high level API in C, C++, Java, C#, and Python languages.
    from 0, < 1:16.28.0~dfsg-0+deb11u4
  • CRITICAL9.8CVE-2022-23547PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, S…
    from 0, < 1:16.28.0~dfsg-0+deb11u2
  • CRITICAL9.8CVE-2022-23537asterisk - security update
    from 0, < 1:16.28.0~dfsg-0+deb10u2
  • CRITICAL9.8CVE-2022-23537asterisk - security update
    from 0, < 1:16.28.0~dfsg-0+deb11u2
  • CRITICAL9.8CVE-2022-23537asterisk - security update
    from 0, < 1:16.28.0~dfsg-0+deb11u2
  • CRITICAL9.8CVE-2022-39244PJSIP is a free and open source multimedia communication library written in C.
    from 0, < 1:16.28.0~dfsg-0+deb11u2
  • CRITICAL9.8CVE-2022-31031PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, S…
    from 0, < 1:16.28.0~dfsg-0+deb11u2
  • CRITICAL9.8CVE-2022-26651An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13.
    from 0, < 1:16.28.0~dfsg-0+deb11u1
  • CRITICAL9.8CVE-2022-24786PJSIP is a free and open source multimedia communication library written in C.
    from 0, < 1:16.28.0~dfsg-0+deb11u1
  • CRITICAL9.8CVE-2022-23608PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, S…
    from 0, < 1:16.28.0~dfsg-0+deb11u1
  • CRITICAL9.8CVE-2021-43303Buffer overflow in PJSUA API when calling pjsua_call_dump.
    from 0, < 1:16.28.0~dfsg-0+deb11u1
  • CRITICAL9.8CVE-2021-43301Stack overflow in PJSUA API when calling pjsua_playlist_create.
    from 0, < 1:16.28.0~dfsg-0+deb11u1
  • CRITICAL9.8CVE-2021-43300Stack overflow in PJSUA API when calling pjsua_recorder_create.
    from 0, < 1:16.28.0~dfsg-0+deb11u1
  • CRITICAL9.8CVE-2021-43299Stack overflow in PJSUA API when calling pjsua_player_create.
    from 0, < 1:16.28.0~dfsg-0+deb11u1
  • CRITICAL9.8CVE-2021-37706asterisk - security update
    from 0, < 1:16.28.0~dfsg-0+deb10u1
  • CRITICAL9.8CVE-2021-37706asterisk - security update
    from 0, < 1:16.28.0~dfsg-0+deb11u1
  • CRITICAL9.8CVE-2021-37706asterisk - security update
    from 0, < 1:16.28.0~dfsg-0+deb11u1
  • CRITICAL9.8CVE-2017-14100asterisk - security update
    from 0, < 1:1.8.13.1~dfsg1-3+deb7u7
  • CRITICAL9.8CVE-2017-14100asterisk - security update
    from 0, < 1:13.17.1~dfsg-1
  • CRITICAL9.1CVE-2026-41415PJSIP is a free and open source multimedia communication library written in C.
    from 0
  • CRITICAL9.1CVE-2026-34235PJSIP is a free and open source multimedia communication library written in C.
    from 0
  • CRITICAL9.1CVE-2022-39269PJSIP is a free and open source multimedia communication library written in C.
    from 0, < 1:16.28.0~dfsg-0+deb11u2
  • CRITICAL9.1CVE-2022-26499An SSRF issue was discovered in Asterisk through 19.x.
    from 0, < 1:16.28.0~dfsg-0+deb11u1
  • CRITICAL9.1CVE-2021-43302Read out-of-bounds in PJSUA API when calling pjsua_recorder_create.
    from 0, < 1:16.28.0~dfsg-0+deb11u1
  • CRITICAL9.1CVE-2022-21723PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, S…
    from 0, < 1:16.28.0~dfsg-0+deb11u1
  • CRITICAL9.1CVE-2022-21722PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, S…
    from 0, < 1:16.28.0~dfsg-0+deb11u1
  • CRITICAL9.1CVE-2021-43845PJSIP is a free and open source multimedia communication library.
    from 0, < 1:16.28.0~dfsg-0+deb11u1
  • HIGH8.8CVE-2026-40614PJSIP is a free and open source multimedia communication library written in C.
    from 0
  • HIGH8.8CVE-2026-23741Asterisk is an open source private branch exchange and telephony toolkit.
    from 0, < 1:16.28.0~dfsg-0+deb11u9
  • HIGH8.8CVE-2024-42365asterisk - security update
    from 0, < 1:16.28.0~dfsg-0+deb11u5
  • HIGH8.8CVE-2024-42365asterisk - security update
    from 0, < 1:16.28.0~dfsg-0+deb11u5
  • HIGH8.8CVE-2019-18610asterisk - security update
    from 0, < 1:11.13.1~dfsg-2+deb8u7
  • HIGH8.8CVE-2019-18610asterisk - security update
    from 0, < 1:16.10.0~dfsg-1
  • HIGH8.8CVE-2017-16671A Buffer Overflow issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Aste…
    from 0, < 1:13.18.1~dfsg-1
  • HIGH8.8CVE-2017-7617Remote code execution can occur in Asterisk Open Source 13.x before 13.14.1 and 14.x before 14.3.1 and Certified Asterisk 13.13 before 13.1…
    from 0, < 1:13.14.1~dfsg-1
  • HIGH8.2CVE-2023-37457asterisk - security update
    from 0, < 1:16.28.0~dfsg-0+deb11u4
  • HIGH8.2CVE-2023-37457asterisk - security update
    from 0, < 1:16.28.0~dfsg-0+deb11u4
  • HIGH8.2CVE-2023-37457asterisk - security update
    from 0, < 1:16.28.0~dfsg-0+deb10u4
  • HIGH8.1CVE-2026-32942PJSIP is a free and open source multimedia communication library written in C.
    from 0
  • HIGH7.8CVE-2026-23740Asterisk is an open source private branch exchange and telephony toolkit.
    from 0, < 1:16.28.0~dfsg-0+deb11u9
  • HIGH7.8CVE-2025-1131asterisk - security update
    from 0, < 1:16.28.0~dfsg-0+deb11u8
  • HIGH7.8CVE-2025-1131asterisk - security update
    from 0, < 1:16.28.0~dfsg-0+deb11u8
  • HIGH7.8CVE-2025-47780Asterisk is an open-source private branch exchange (PBX).
    from 0, < 1:16.28.0~dfsg-0+deb11u7
  • HIGH7.5CVE-2026-41416PJSIP is a free and open source multimedia communication library written in C.
    from 0
  • HIGH7.5CVE-2026-33069PJSIP is a free and open source multimedia communication library written in C.
    from 0
  • HIGH7.5CVE-2026-29068PJSIP is a free and open source multimedia communication library written in C.
    from 0
  • HIGH7.5CVE-2026-28799PJSIP is a free and open source multimedia communication library written in C.
    from 0
  • HIGH7.5CVE-2023-49294Asterisk is an open source private branch exchange and telephony toolkit.
    from 0, < 1:16.28.0~dfsg-0+deb11u4
  • HIGH7.5CVE-2023-27585ring - security update
    from 0, < 1:16.28.0~dfsg-0+deb11u3
  • HIGH7.5CVE-2023-27585ring - security update
    from 0, < 1:16.28.0~dfsg-0+deb11u3
  • HIGH7.5CVE-2023-27585ring - security update
    from 0, < 1:16.28.0~dfsg-0+deb10u3
  • HIGH7.5CVE-2022-37325In Sangoma Asterisk through 16.28.0, 17.x and 18.x through 18.14.0, and 19.x through 19.6.0, an incoming Setup message to addons/ooh323c/sr…
    from 0, < 1:16.28.0~dfsg-0+deb11u2
  • HIGH7.5CVE-2022-24792PJSIP is a free and open source multimedia communication library written in C.
    from 0, < 1:16.28.0~dfsg-0+deb11u1
  • HIGH7.5CVE-2022-26498An issue was discovered in Asterisk through 19.x.
    from 0, < 1:16.28.0~dfsg-0+deb11u1
  • HIGH7.5CVE-2022-24793PJSIP is a free and open source multimedia communication library written in C.
    from 0, < 1:16.28.0~dfsg-0+deb11u1
  • HIGH7.5CVE-2022-24763pjproject - security update
    from 0, < 1:16.28.0~dfsg-0+deb11u1
  • HIGH7.5CVE-2022-24764PJSIP is a free and open source multimedia communication library written in C.
    from 0, < 1:16.28.0~dfsg-0+deb11u1
  • HIGH7.5CVE-2021-32558asterisk - security update
    from 0, < 1:16.16.1~dfsg-1+deb11u1
  • HIGH7.5CVE-2021-32558asterisk - security update
    from 0, < 1:16.16.1~dfsg-1+deb11u1
  • HIGH7.5CVE-2021-32558asterisk - security update
    from 0, < 1:13.14.1~dfsg-2+deb9u5
  • HIGH7.5CVE-2021-26717An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 1…
    from 0, < 1:16.16.1~dfsg-1
  • HIGH7.5CVE-2019-18976An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x.
    from 0, < 1:16.1.1~dfsg-1
  • HIGH7.5CVE-2009-3723asterisk allows calls on prohibited networks
    from 0, < 1:1.6.2.0~rc3-2
  • HIGH7.5CVE-2016-7550asterisk 13.10.0 is affected by: denial of service issues in asterisk.
    from 0, < 1:13.11.2~dfsg-1
  • HIGH7.5CVE-2018-17281asterisk - security update
    from 0, < 1:13.23.1~dfsg-1
  • HIGH7.5CVE-2018-17281asterisk - security update
    from 0, < 1:11.13.1~dfsg-2+deb8u6
  • HIGH7.5CVE-2018-7284A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk th…
    from 0, < 1:13.20.0~dfsg-1
  • HIGH7.5CVE-2017-17850An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older.
    from 0, < 1:13.18.5~dfsg-1
  • HIGH7.5CVE-2017-17090asterisk - security update
    from 0, < 1:11.13.1~dfsg-2+deb8u5
  • HIGH7.5CVE-2017-17090asterisk - security update
    from 0, < 1:13.18.3~dfsg-1
  • HIGH7.5CVE-2017-17090asterisk - security update
    from 0, < 1:1.8.13.1~dfsg1-3+deb7u8
  • HIGH7.5CVE-2017-14603asterisk - security update
    from 0, < 1:13.17.2~dfsg-1
  • HIGH7.5CVE-2017-14603asterisk - security update
    from 0, < 1:11.13.1~dfsg-2+deb8u4
  • HIGH7.5CVE-2017-14099asterisk - security update
    from 0, < 1:13.17.1~dfsg-1
  • HIGH7.5CVE-2017-14099asterisk - security update
    from 0, < 1:11.13.1~dfsg-2+deb8u3
  • HIGH7.5CVE-2017-14098In the pjsip channel driver (res_pjsip) in Asterisk 13.x before 13.17.1 and 14.x before 14.6.1, a carefully crafted tel URI in a From, To,…
    from 0, < 1:13.17.1~dfsg-1
  • HIGH7.5CVE-2017-9358A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 be…
    from 0, < 1:13.14.1~dfsg-2
  • HIGH7.5CVE-2016-7551chain_sip in Asterisk Open Source 11.x before 11.23.1 and 13.x 13.11.1 and Certified Asterisk 11.6 before 11.6-cert15 and 13.8 before 13.8-…
    from 0, < 1:13.11.2~dfsg-1
  • HIGH7.5CVE-2007-4103The IAX2 channel driver (chan_iax2) in Asterisk Open 1.2.x before 1.2.23, 1.4.x before 1.4.9, and Asterisk Appliance Developer Kit before 0…
    from 0, < 1:1.4.9~dfsg-1
  • HIGH7.3CVE-2021-43804PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, S…
    from 0, < 1:16.28.0~dfsg-0+deb11u1
  • MEDIUM6.5CVE-2026-26203PJSIP is a free and open source multimedia communication library.
    from 0
  • MEDIUM6.5CVE-2026-23739Asterisk is an open source private branch exchange and telephony toolkit.
    from 0, < 1:16.28.0~dfsg-0+deb11u9
  • MEDIUM6.5CVE-2025-54995Asterisk is an open source private branch exchange and telephony toolkit.
    from 0, < 1:16.28.0~dfsg-0+deb11u8
  • MEDIUM6.5CVE-2025-47779asterisk - security update
    from 0, < 1:16.28.0~dfsg-0+deb11u7
  • MEDIUM6.5CVE-2025-47779asterisk - security update
    from 0, < 1:16.28.0~dfsg-0+deb11u7
  • MEDIUM6.5CVE-2022-42705A use-after-free in res_pjsip_pubsub.c in Sangoma Asterisk 16.28, 18.14, 19.6, and certified/18.9-cert2 may allow a remote authenticated at…
    from 0, < 1:16.28.0~dfsg-0+deb11u2
  • MEDIUM6.5CVE-2021-46837res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7…
    from 0, < 1:16.28.0~dfsg-0+deb11u1
  • MEDIUM6.5CVE-2020-35776A buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk versions 13.38.1, 16.15.1, 17.9.1, and 18.1.1 allows remote attacker to cras…
    from 0, < 1:16.16.1~dfsg-1
  • MEDIUM6.5CVE-2020-35652An issue was discovered in res_pjsip_diversion.c in Sangoma Asterisk before 13.38.0, 14.x through 16.x before 16.15.0, 17.x before 17.9.0,…
    from 0, < 1:16.15.1~dfsg-1
  • MEDIUM6.5CVE-2020-28242An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Ce…
    from 0, < 1:16.15.0~dfsg-1
  • MEDIUM6.5CVE-2019-18790An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x before 13.29.2, 16.x before 16.6.2, and 17.x before 17.0.1, and Cer…
    from 0, < 1:16.10.0~dfsg-1
  • MEDIUM6.5CVE-2019-15297res_pjsip_t38 in Sangoma Asterisk 15.x before 15.7.4 and 16.x before 16.5.1 allows an attacker to trigger a crash by sending a declined str…
    from 0, < 1:16.10.0~dfsg-1
  • MEDIUM6.5CVE-2019-12827Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and earlier allows remote authentic…
    from 0, < 1:16.2.1~dfsg-2
  • MEDIUM6.5CVE-2019-7251An Integer Signedness issue (for a return code) in the res_pjsip_sdp_rtp module in Digium Asterisk versions 15.7.1 and earlier and 16.1.1 a…
    from 0, < 1:16.2.1~dfsg-1
  • MEDIUM6.5CVE-2018-7286An issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cer…
    from 0, < 1:13.20.0~dfsg-1
  • MEDIUM6.5CVE-2016-2232Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 1…
    from 0, < 1:13.7.2~dfsg-1
  • MEDIUM6.1CVE-2026-23738asterisk - security update
    from 0, < 1:16.28.0~dfsg-0+deb11u9
  • MEDIUM6.1CVE-2026-23738asterisk - security update
    from 0, < 1:16.28.0~dfsg-0+deb11u9
  • MEDIUM5.9CVE-2026-42225PJSIP is a free and open source multimedia communication library written in C.
    from 0
  • MEDIUM5.9CVE-2023-49786Asterisk is an open source private branch exchange and telephony toolkit.
    from 0, < 1:16.28.0~dfsg-0+deb11u4
  • MEDIUM5.9CVE-2021-32686ring - security update
    from 0, < 1:16.16.1~dfsg-1+deb11u1
  • MEDIUM5.9CVE-2021-26906An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.…
    from 0, < 1:16.16.1~dfsg-1
  • MEDIUM5.9CVE-2017-17664A Remote Crash issue was discovered in Asterisk Open Source 13.x before 13.18.4, 14.x before 14.7.4, and 15.x before 15.1.4 and Certified A…
    from 0, < 1:13.18.5~dfsg-1
  • MEDIUM5.9CVE-2017-16672An issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 befo…
    from 0, < 1:13.18.1~dfsg-1
  • MEDIUM5.9CVE-2016-2316chan_sip in Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-c…
    from 0, < 1:13.7.2~dfsg-1
  • MEDIUM5.7CVE-2024-42491Asterisk is an open-source private branch exchange (PBX).
    from 0, < 1:16.28.0~dfsg-0+deb11u5
  • MEDIUM5.5CVE-2024-53566asterisk - security update
    from 0, < 1:16.28.0~dfsg-0+deb11u6
  • MEDIUM5.5CVE-2024-53566asterisk - security update
    from 0, < 1:16.28.0~dfsg-0+deb11u6
  • MEDIUM5.3CVE-2026-26967PJSIP is a free and open source multimedia communication library written in C.
    from 0
  • MEDIUM5.3CVE-2020-28327A res_pjsip_session crash was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x bef…
    from 0, < 1:16.15.0~dfsg-1
  • MEDIUM5.3CVE-2019-13161asterisk - security update
    from 0, < 1:13.14.1~dfsg-2+deb9u6
  • MEDIUM5.3CVE-2019-13161asterisk - security update
    from 0, < 1:16.2.1~dfsg-2
  • MEDIUM5.3CVE-2018-12227asterisk - security update
    from 0, < 1:13.22.0~dfsg-1
  • MEDIUM5.3CVE-2018-12227asterisk - security update
    from 0, < 1:13.14.1~dfsg-2+deb9u4
  • MEDIUM5.3CVE-2016-9938An issue was discovered in Asterisk Open Source 11.x before 11.25.1, 13.x before 13.13.1, and 14.x before 14.2.1 and Certified Asterisk 11.…
    from 0, < 1:13.13.1~dfsg-1
  • MEDIUM4.9CVE-2022-42706An issue was discovered in Sangoma Asterisk through 16.28, 17 and 18 through 18.14, 19 through 19.6, and certified through 18.9-cert1.
    from 0, < 1:16.28.0~dfsg-0+deb11u2
  • CVE-2025-65102PJSIP is a free and open source multimedia communication library.
    from 0
  • CVE-2025-57767Asterisk is an open source private branch exchange and telephony toolkit.
    from 0
  • CVE-2015-3008asterisk - security update
    from 0, < 1:13.7.2~dfsg-1
  • CVE-2015-3008asterisk - security update
    from 0, < 1:11.13.1~dfsg-2+deb8u1
  • CVE-2015-1558Asterisk Open Source 12.x before 12.8.1 and 13.x before 13.1.1, when using the PJSIP channel driver, does not properly reclaim RTP ports, w…
    from 0, < 1:13.1.0~dfsg-1.1
  • CVE-2014-9374Double free vulnerability in the WebSocket Server (res_http_websocket module) in Asterisk Open Source 11.x before 11.14.2, 12.x before 12.7…
    from 0, < 1:13.1.0~dfsg-1
  • CVE-2014-6610Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and Certified Asterisk 11.6 before 11.6-cert6, when using the res_fax_spand…
    from 0, < 1:11.12.1~dfsg-1
  • CVE-2014-8418The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, 11.x before 11.1.4.1, 12.x before 12.7.1, and 13.x before 13.0.1 and…
    from 0, < 1:13.1.0~dfsg-1
  • CVE-2014-8417ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 11.6 before 11.6-cert8 allows…
    from 0, < 1:13.1.0~dfsg-1
  • CVE-2014-8416Use-after-free vulnerability in the PJSIP channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1, when using the…
    from 0, < 1:13.1.0~dfsg-1
  • CVE-2014-8415Race condition in the chan_pjsip channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 allows remote attackers t…
    from 0, < 1:13.1.0~dfsg-1
  • CVE-2014-8414ConfBridge in Asterisk 11.x before 11.14.1 and Certified Asterisk 11.6 before 11.6-cert8 does not properly handle state changes, which allo…
    from 0, < 1:13.1.0~dfsg-1
  • CVE-2014-8413The res_pjsip_acl module in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 does not properly create and load ACLs defined i…
    from 0, < 1:13.1.0~dfsg-1
  • CVE-2014-8412The (1) VoIP channel drivers, (2) DUNDi, and (3) Asterisk Manager Interface (AMI) in Asterisk Open Source 1.8.x before 1.8.32.1, 11.x befor…
    from 0, < 1:13.1.0~dfsg-1
  • CVE-2014-4047Asterisk Open Source 1.8.x before 1.8.28.1, 11.x before 11.10.1, and 12.x before 12.3.1 and Certified Asterisk 1.8.15 before 1.8.15-cert6 a…
    from 0, < 1:11.10.2~dfsg-1
  • CVE-2014-4046Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated M…
    from 0, < 1:11.10.2~dfsg-1
  • CVE-2014-2287asterisk - security update
    from 0, < 1:11.8.1~dfsg-1
  • CVE-2014-2287asterisk - security update
    from 0, < 1:1.8.13.1~dfsg1-3+deb7u5
  • CVE-2014-2286asterisk - security update
    from 0, < 1:1.8.13.1~dfsg1-3+deb7u4
  • CVE-2014-2286asterisk - security update
    from 0, < 1:11.8.1~dfsg-1
  • CVE-2013-7100asterisk - buffer overflow
    from 0, < 1:11.7.0~dfsg-1
  • CVE-2013-7100asterisk - buffer overflow
    from 0, < 1:1.6.2.9-2+squeeze12
  • CVE-2013-5642The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.x before 1.8.23.1, 10.x before 10.12.3, and 11.x before 11.5.1; Ce…
    from 0, < 1:11.5.1~dfsg-1
  • CVE-2013-5641asterisk - several
    from 0, < 1:11.5.1~dfsg-1
  • CVE-2013-5641asterisk - several
    from 0, < 1:1.6.2.9-2+squeeze11
  • CVE-2013-2686main/http.c in the HTTP server in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asteri…
    from 0, < 1:1.8.13.1~dfsg-2
  • CVE-2013-2264The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.1…
    from 0, < 1:1.8.13.1~dfsg-2
  • CVE-2012-5977Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; an…
    from 0, < 1:1.8.13.1~dfsg-2
  • CVE-2012-5976asterisk - several issues
    from 0, < 1:1.8.13.1~dfsg-2
  • CVE-2012-5976asterisk - several issues
    from 0, < 1:1.6.2.9-2+squeeze9
  • CVE-2012-1184Stack-based buffer overflow in the ast_parse_digest function in main/utils.c in Asterisk 1.8.x before 1.8.10.1 and 10.x before 10.2.1 allow…
    from 0, < 1:1.8.10.0~dfsg-1
  • CVE-2012-1183asterisk - several
    from 0, < 1:1.8.10.0~dfsg-1
  • CVE-2012-1183asterisk - several
    from 0, < 1:1.6.2.9-2+squeeze5
  • CVE-2012-4737channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert7, A…
    from 0, < 1:1.8.13.1~dfsg-1
  • CVE-2012-2186asterisk - several
    from 0, < 1:1.6.2.9-2+squeeze7
  • CVE-2012-2186asterisk - several
    from 0, < 1:1.8.13.1~dfsg-1
  • CVE-2012-3812Double free vulnerability in apps/app_voicemail.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Certified Asterisk…
    from 0, < 1:1.8.13.1~dfsg-1
  • CVE-2012-3863channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Asterisk Business Edition C.3.x before C.3.7.5, C…
    from 0, < 1:1.8.13.1~dfsg-1
  • CVE-2012-2948chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x…
    from 0, < 1:1.8.13.0~dfsg-1
  • CVE-2012-2947asterisk - denial of service
    from 0, < 1:1.8.13.0~dfsg-1
  • CVE-2012-2947asterisk - denial of service
    from 0, < 1:1.6.2.9-2+squeeze6
  • CVE-2012-2416chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.11.1 and 10.x before 10.3.1 and Asterisk Business Edition C.3…
    from 0, < 1:1.8.11.1~dfsg-1
  • CVE-2012-2415Heap-based buffer overflow in chan_skinny.c in the Skinny channel driver in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.…
    from 0, < 1:1.8.11.1~dfsg-1
  • CVE-2012-2414main/manager.c in the Manager Interface in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 and…
    from 0, < 1:1.8.11.1~dfsg-1
  • CVE-2012-0885chan_sip.c in Asterisk Open Source 1.8.x before 1.8.8.2 and 10.x before 10.0.1, when the res_srtp module is used and media support is impro…
    from 0, < 1:1.8.8.2~dfsg-1
  • CVE-2011-4598The handle_request_info function in channels/chan_sip.c in Asterisk Open Source 1.6.2.x before 1.6.2.21 and 1.8.x before 1.8.7.2, when auto…
    from 0, < 1:1.8.8.0~dfsg-1
  • CVE-2011-4597asterisk - several
    from 0, < 1:1.8.8.0~dfsg-1
  • CVE-2011-4597asterisk - several
    from 0, < 1:1.6.2.9-2+squeeze4
  • CVE-2011-4063chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.7.1 and 10.x before 10.0.0-rc1 does not properly initialize v…
    from 0, < 1:1.8.7.1~dfsg-1
  • CVE-2011-3389curl - several
    from 0, < 1:13.7.2~dfsg-1
  • CVE-2011-2666The default configuration of the SIP channel driver in Asterisk Open Source 1.4.x through 1.4.41.2 and 1.6.2.x through 1.6.2.18.2 does not…
    from 0, < 1:1.8.3.3-1
  • CVE-2011-2665reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.4.3 allows remote attackers to cause a denial of servic…
    from 0, < 1:1.8.4.3-1
  • CVE-2011-2536chan_sip.c in the SIP channel driver in Asterisk Open Source 1.4.x before 1.4.41.2, 1.6.2.x before 1.6.2.18.2, and 1.8.x before 1.8.4.4, an…
    from 0, < 1:1.8.4.4~dfsg-1
  • CVE-2011-2535chan_iax2.c in the IAX2 channel driver in Asterisk Open Source 1.4.x before 1.4.41.1, 1.6.2.x before 1.6.2.18.1, and 1.8.x before 1.8.4.3,…
    from 0, < 1:1.8.4.3-1
  • CVE-2011-2529asterisk - multiple issues
    from 0, < 1:1.6.2.9-2+squeeze3
  • CVE-2011-2529asterisk - multiple issues
    from 0, < 1:1.6.2.9-2+squeeze3
  • CVE-2011-2529asterisk - multiple issues
    from 0, < 1:1.8.4.3-1
  • CVE-2011-2216reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.4.2 does not initialize certain strings, which allows r…
    from 0, < 1:1.8.4.2-1
  • CVE-2011-1599manager.c in the Manager Interface in Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1…
    from 0, < 1:1.8.3.3-1
  • CVE-2011-1507Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Busin…
    from 0, < 1:1.8.3.3-1
  • CVE-2011-1175tcptls.c in the TCP/TLS server in Asterisk Open Source 1.6.1.x before 1.6.1.23, 1.6.2.x before 1.6.2.17.1, and 1.8.x before 1.8.3.1 allows…
    from 0, < 1:1.8.3.3-1
  • CVE-2011-1174manager.c in Asterisk Open Source 1.6.1.x before 1.6.1.24, 1.6.2.x before 1.6.2.17.2, and 1.8.x before 1.8.3.2 allows remote attackers to c…
    from 0, < 1:1.8.3.3-1
  • CVE-2011-1147asterisk - several
    from 0, < 1:1.8.3.3-1
  • CVE-2011-1147asterisk - several
    from 0, < 1:1.4.21.2~dfsg-3+lenny2.1
  • CVE-2011-0495asterisk - buffer overflow
    from 0, < 1:1.6.2.9-2+squeeze1
  • CVE-2011-0495asterisk - buffer overflow
    from 0, < 1:1.6.2.9-2+squeeze1
  • CVE-2010-1224main/acl.c in Asterisk Open Source 1.6.0.x before 1.6.0.25, 1.6.1.x before 1.6.1.17, and 1.6.2.x before 1.6.2.5 does not properly enforce r…
    from 0, < 1:1.6.2.6-1
  • CVE-2010-0685The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, wh…
    from 0, < 1:1.6.2.6-1
  • CVE-2010-0441Asterisk Open Source 1.6.0.x before 1.6.0.22, 1.6.1.x before 1.6.1.14, and 1.6.2.x before 1.6.2.2, and Business Edition C.3 before C.3.3.2,…
    from 0, < 1:1.6.2.2-1
  • CVE-2009-4055rtp.c in Asterisk Open Source 1.2.x before 1.2.37, 1.4.x before 1.4.27.1, 1.6.0.x before 1.6.0.19, and 1.6.1.x before 1.6.1.11; Business Ed…
    from 0, < 1:1.6.2.0~rc7-1
  • CVE-2009-3727Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, 1.6.0.x before 1.6.0.17, and 1.6.1.x before 1.6.1.9; Business Edition A.x.…
    from 0, < 1:1.6.2.0~rc6-1
  • CVE-2008-7220Unspecified vulnerability in Prototype JavaScript framework (prototypejs) before 1.6.0.2 allows attackers to make "cross-site ajax requests…
    from 0, < 1:1.6.2.0~rc3-1
  • CVE-2009-2346The IAX2 protocol implementation in Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.2, 1.6.0.x before 1.6.0.15, and 1.6.1.x b…
    from 0, < 1:1.6.2.0~dfsg~beta3-1
  • CVE-2009-2726The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, 1.4.x before 1.4.26.1, 1.6.0.x before 1.6.0.12, and 1.6.1.x before 1.6.…
    from 0, < 1:1.6.2.0~dfsg~rc1-1
  • CVE-2009-2651main/rtp.c in Asterisk Open Source 1.6.1 before 1.6.1.2 allows remote attackers to cause a denial of service (crash) via an RTP text frame…
    from 0, < 1:1.6.2.0~dfsg~rc1-1
  • CVE-2009-0041IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before 1.4.23-rc4, and 1.6.x before 1.6.0.3-rc2; Business Edition A.x.x, B.x.x befo…
    from 0, < 1:1.6.1.0~dfsg~rc3-1
  • CVE-2008-5558Asterisk Open Source 1.2.26 through 1.2.30.3 and Business Edition B.2.3.5 through B.2.5.5, when realtime IAX2 users are enabled, allows rem…
    from 0, < 1:1.4.0~dfsg-1
  • CVE-2008-3903Asterisk Open Source 1.2.x before 1.2.32, 1.4.x before 1.4.24.1, and 1.6.0.x before 1.6.0.8; Asterisk Business Edition A.x.x, B.x.x before…
    from 0, < 1:1.6.1.0~dfsg-1
  • CVE-2008-3264The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Editio…
    from 0, < 1:1.4.21.2~dfsg-1
  • CVE-2008-3263The IAX2 protocol implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x…
    from 0, < 1:1.4.21.2~dfsg-1
  • CVE-2008-2119Asterisk Open Source 1.0.x and 1.2.x before 1.2.29 and Business Edition A.x.x and B.x.x before B.2.5.3, when pedantic parsing (aka pedantic…
    from 0, < 1.4
  • CVE-2008-1923The IAX2 channel driver (chan_iax2) in Asterisk 1.2 before revision 72630 and 1.4 before revision 65679, when configured to allow unauthent…
    from 0, < 1:1.4.19.1~dfsg-1
  • CVE-2008-1897asterisk - denial of service
    from 0, < 1:1.2.13~dfsg-2etch4
  • CVE-2008-1897asterisk - denial of service
    from 0, < 1:1.4.19.1~dfsg-1
  • CVE-2008-1289Multiple buffer overflows in Asterisk Open Source 1.4.x before 1.4.18.1 and 1.4.19-rc3, Open Source 1.6.x before 1.6.0-beta6, Business Edit…
    from 0, < 1:1.4.18.1~dfsg-1
  • CVE-2008-1390The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1…
    from 0, < 1:1.4.19.1~dfsg-1
  • CVE-2008-1332Unspecified vulnerability in Asterisk Open Source 1.2.x before 1.2.27, 1.4.x before 1.4.18.1 and 1.4.19-rc3; Business Edition A.x.x, B.x.x…
    from 0, < 1:1.4.18.1~dfsg-1
  • CVE-2008-1333Format string vulnerability in Asterisk Open Source 1.6.x before 1.6.0-beta6 might allow remote attackers to execute arbitrary code via log…
    from 0, < 1:1.4.18.1~dfsg-1
  • CVE-2008-0095The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, Business Edition before C.1.0-beta8, AsteriskNOW before beta7, Applianc…
    from 0, < 1:1.4.17~dfsg-1
  • CVE-2007-6430asterisk
    from 0, < 1:1.4.16.2~dfsg-1
  • CVE-2007-6430asterisk
    from 0, < 1:1.2.13~dfsg-2etch3
  • CVE-2007-6171SQL injection vulnerability in the Postgres Realtime Engine (res_config_pgsql) in Asterisk 1.4.x before 1.4.15 and C.x before C.1.0-beta6 a…
    from 0, < 1:1.4.15~dfsg-1
  • CVE-2007-6170asterisk - SQL injection
    from 0, < 1:1.4.15~dfsg-1
  • CVE-2007-6170asterisk - SQL injection
    from 0, < 1:1.0.7.dfsg.1-2sarge6
  • CVE-2007-5358Multiple buffer overflows in the voicemail functionality in Asterisk 1.4.x before 1.4.13, when using IMAP storage, might allow (1) remote a…
    from 0, < 1:1.4.13~dfsg-1
  • CVE-2007-4455The SIP channel driver (chan_sip) in Asterisk Open Source 1.4.x before 1.4.11, AsteriskNOW before beta7, Asterisk Appliance Developer Kit 0…
    from 0, < 1:1.4.11~dfsg-1
  • CVE-2007-4280The Skinny channel driver (chan_skinny) in Asterisk Open Source before 1.4.10, AsteriskNOW before beta7, Appliance Developer Kit before 0.7…
    from 0, < 1:1.4.10~dfsg-1
  • CVE-2007-3762Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition befor…
    from 0, < 1:1.4.8~dfsg-1
  • CVE-2007-3763The IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before b…
    from 0, < 1:1.4.8~dfsg-1
  • CVE-2007-3764The Skinny channel driver (chan_skinny) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW befo…
    from 0, < 1:1.4.8~dfsg-1
  • CVE-2007-3765The STUN implementation in Asterisk 1.4.x before 1.4.8, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.…
    from 0, < 1:1.4.8~dfsg-1
  • CVE-2007-2488The IAX2 channel driver (chan_iax2) in Asterisk before 20070504 does not properly null terminate data, which allows remote attackers to tri…
    from 0, < 1:1.4.5~dfsg-1
  • CVE-2007-2383asterisk - several vulnerabilities
    from 0, < 1:1.4.21.2~dfsg-3+lenny1
  • CVE-2007-2383asterisk - several vulnerabilities
    from 0, < 1:1.6.2.0~rc3-1
  • CVE-2007-2297The SIP channel driver (chan_sip) in Asterisk before 1.2.18 and 1.4.x before 1.4.3 does not properly parse SIP UDP packets that do not cont…
    from 0, < 1:1.4.2~dfsg-1
  • CVE-2007-2293Multiple stack-based buffer overflows in the process_sdp function in chan_sip.c of the SIP channel T.38 SDP parser in Asterisk before 1.4.3…
    from 0, < 1:1.4.3~dfsg-1
  • CVE-2007-2294The Manager Interface in Asterisk before 1.2.18 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (crash) by usin…
    from 0, < 1:1.4.3~dfsg-1
  • CVE-2007-1595The Asterisk Extension Language (AEL) in pbx/pbx_ael.c in Asterisk does not properly generate extensions, which allows remote attackers to…
    from 0, < 1:1.4.0~dfsg-1
  • CVE-2007-1561The channel driver in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP…
    from 0, < 1:1.4.2~dfsg-5
  • CVE-2007-1306asterisk
    from 0, < 1:1.2.16~dfsg-1
  • CVE-2007-1306asterisk
    from 0, < 1:1.2.13~dfsg-2etch1
  • CVE-2006-5445Unspecified vulnerability in the SIP channel driver (channels/chan_sip.c) in Asterisk 1.2.x before 1.2.13 and 1.4.x before 1.4.0-beta3 allo…
    from 0, < 1:1.2.13~dfsg-1
  • CVE-2006-5444asterisk
    from 0, < 1:1.0.7.dfsg.1-2sarge4
  • CVE-2006-5444asterisk
    from 0, < 1:1.2.13~dfsg-1
  • CVE-2006-4346Asterisk 1.2.10 supports the use of client-controlled variables to determine filenames in the Record function, which allows remote attacker…
    from 0, < 1:1.2.11.dfsg-1
  • CVE-2006-4345Stack-based buffer overflow in channels/chan_mgcp.c in MGCP in Asterisk 1.0 through 1.2.10 allows remote attackers to execute arbitrary cod…
    from 0, < 1:1.2.11.dfsg-1
  • CVE-2006-2898asterisk - several
    from 0, < 1:1.2.10.dfsg-2
  • CVE-2006-2898asterisk - several
    from 0, < 1:1.0.7.dfsg.1-2sarge3
  • CVE-2006-1827Integer signedness error in format_jpeg.c in Asterisk 1.2.6 and earlier allows remote attackers to execute arbitrary code via a length valu…
    from 0, < 1:1.2.7.1.dfsg-1
  • CVE-2005-3559asterisk - several vulnerabilities
    from 0, < 1:1.2.7.1.dfsg-2
  • CVE-2005-3559asterisk - several vulnerabilities
    from 0, < 0.1.11-3woody1
  • CVE-2005-2081Stack-based buffer overflow in the function that parses commands in Asterisk 1.0.7, when the 'write = command' option is enabled, allows re…
    from 0, < 1:1.0.9.dfsg-1
  • CVE-2003-0779SQL injection vulnerability in the Call Detail Record (CDR) logging functionality for Asterisk allows remote attackers to execute arbitrary…
    from 0, < 0.7.0
  • CVE-2003-0761Buffer overflow in the get_msg_text of chan_sip.c in the Session Initiation Protocol (SIP) protocol implementation for Asterisk releases be…
    from 0, < 0.5.0