Latest Digium Asterisk Vulnerabilities

Asterisk susceptible to Denial of Service via DTLS Hello packets during call initiation
Digium Asterisk<18.20.1
Digium Asterisk>=19.0.0<20.5.1
Digium Asterisk=21.0.0
Sangoma Certified Asterisk=13.13.0
Sangoma Certified Asterisk=13.13.0-cert1
Sangoma Certified Asterisk=13.13.0-cert1-rc1
and 25 more
Asterisk's PJSIP_HEADER dialplan function can overwrite memory/cause crash when using 'update'
Digium Asterisk<=18.20.0
Digium Asterisk>=19.0.0<=20.5.0
Digium Asterisk=21.0.0
Sangoma Certified Asterisk=13.13.0
Sangoma Certified Asterisk=13.13.0-cert1
Sangoma Certified Asterisk=13.13.0-cert1-rc1
and 25 more
Asterisk Path Traversal vulnerability
Digium Asterisk<18.20.1
Digium Asterisk>=19.0.0<20.5.1
Digium Asterisk=21.0.0
Sangoma Certified Asterisk=13.13.0
Sangoma Certified Asterisk=13.13.0-cert1
Sangoma Certified Asterisk=13.13.0-cert1-rc1
and 25 more
res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image...
Asterisk Certified Asterisk=16.8.0
Asterisk Certified Asterisk=16.8.0-cert1
Asterisk Certified Asterisk=16.8.0-cert2
Asterisk Certified Asterisk=16.8.0-cert3
Asterisk Certified Asterisk=16.8.0-cert4
Asterisk Certified Asterisk=16.8.0-cert5
and 8 more
An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download files that are not certificates. These files could be much larger than what one would expect to dow...
Digium Asterisk>=16.15.0<=16.25.1
Digium Asterisk>=18.0<18.11.2
Digium Asterisk>=19.0.0<=19.3.1
Debian Debian Linux=10.0
Debian Debian Linux=11.0
debian/asterisk<=1:16.2.1~dfsg-1+deb10u2
An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The func_odbc module provides possibly inadequate escaping functionality for backslash characters in SQL qu...
Digium Asterisk>=16.0.0<16.25.2
Digium Asterisk>=18.0<18.11.2
Digium Asterisk>=19.0.0<19.3.2
Digium Certified Asterisk=16.8
Digium Certified Asterisk=16.8-cert1-rc1
Digium Certified Asterisk=16.8-cert1-rc2
and 21 more
An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it's possible to send arbitrary requests (such as GET) to interfaces such as localhost by using the Identity header. This...
Digium Asterisk>=16.15.0<=16.25.1
Digium Asterisk>=18.0<18.11.2
Digium Asterisk>=19.0.0<=19.3.1
Debian Debian Linux=10.0
Debian Debian Linux=11.0
debian/asterisk<=1:16.2.1~dfsg-1+deb10u2
An issue was discovered in PJSIP in Asterisk before 16.19.1 and before 18.5.1. To exploit, a re-INVITE without SDP must be received after Asterisk has sent a BYE request.
Digium Asterisk=16.17.0
Digium Asterisk=16.18.0
Digium Asterisk=16.19.0
Digium Asterisk=18.3.0
Digium Asterisk=18.4.0
Digium Asterisk=18.5.0
An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and Certified Asterisk before 16.8-cert10. If the IAX2 channel driver ...
debian/asterisk<=1:16.2.1~dfsg-1+deb10u2
Digium Asterisk>=13.0.0<13.38.3
Digium Asterisk>=16.0.0<16.19.1
Digium Asterisk>=17.0.0<17.9.4
Digium Asterisk>=18.0.0<18.15.1
Digium Certified Asterisk=16.8
and 18 more
A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6 allows an authenticated WebR...
Digium Asterisk>=16.0.0<16.16.1
Digium Asterisk>=17.0.0<17.9.2
Digium Asterisk>=18.0.0<18.2.1
Digium Certified Asterisk=16.8
Digium Certified Asterisk=16.8-cert1-rc1
Digium Certified Asterisk=16.8-cert1-rc2
and 10 more
Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated attacker to prematurely terminate secu...
Digium Asterisk>=13.0.0<=13.38.2
Digium Asterisk>=16.0.0<16.16.1
Digium Asterisk>=17.0.0<17.9.2
Digium Asterisk>=18.0<18.2.1
Digium Certified Asterisk=16.8
Digium Certified Asterisk=16.8-cert1-rc1
and 11 more
An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through 16...
Digium Asterisk>=13.0.0<13.38.2
Digium Asterisk>=16.0.0<16.16.1
Digium Asterisk>=17.0.0<17.9.2
Digium Asterisk>=18.0<18.2.1
Digium Certified Asterisk=16.8
Digium Certified Asterisk=16.8-cert1-rc1
and 11 more
A buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk versions 13.38.1, 16.15.1, 17.9.1, and 18.1.1 allows a remote attacker to crash Asterisk by deliberately misusing SIP 181 responses.
Digium Asterisk>=13.0.0<=13.38.1
Digium Asterisk>=16.0.0<=16.15.1
Digium Asterisk>=17.0.0<=17.9.1
Digium Asterisk>=18.0<=18.1.1
An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6. When re-negotiating for T.38, if the initial remot...
Digium Asterisk>=16.0.0<16.16.1
Digium Asterisk>=17.0.0<17.9.2
Digium Asterisk>=18.0<18.2.1
Digium Certified Asterisk=16.8
Digium Certified Asterisk=16.8-cert1-rc1
Digium Certified Asterisk=16.8-cert1-rc2
and 10 more
An issue was discovered in res_pjsip_diversion.c in Sangoma Asterisk before 13.38.0, 14.x through 16.x before 16.15.0, 17.x before 17.9.0, and 18.x before 18.1.0. A crash can occur when a SIP message ...
Digium Asterisk<13.38.0
Digium Asterisk>=14.0<16.15.0
Digium Asterisk>=17.0<17.9.0
Digium Asterisk>=18.0<18.1.0
An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-cert4. A remote authenticated Asterisk Manager Interface (AMI) user without...
Digium Asterisk>=13.0.0<13.29.2
Digium Asterisk>=16.0.0<16.6.2
Digium Asterisk>=17.0.0<17.0.1
Digium Certified Asterisk=13.21.0
Digium Certified Asterisk=13.21.0-cert1
Digium Certified Asterisk=13.21.0-cert2
and 5 more
An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line ...
Digium Asterisk>=13.0.0<=13.29.1
Digium Certified Asterisk=13.21
Digium Certified Asterisk=13.21-cert1
Digium Certified Asterisk=13.21-cert2
Digium Certified Asterisk=13.21-cert3
Digium Certified Asterisk=13.21-cert4
and 1 more
An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x before 13.29.2, 16.x before 16.6.2, and 17.x before 17.0.1, and Certified Asterisk 13.21 before cert5. A SIP request can be sent...
Digium Asterisk>=13.0.0<13.29.2
Digium Asterisk>=16.0.0<16.6.2
Digium Asterisk>=17.0.0<17.0.1
Digium Certified Asterisk=13.21.0
Digium Certified Asterisk=13.21.0-cert1
Digium Certified Asterisk=13.21.0-cert2
and 5 more
res_pjsip_t38 in Sangoma Asterisk 15.x before 15.7.4 and 16.x before 16.5.1 allows an attacker to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk. ...
Digium Asterisk>=15.0.0<=15.7.3
Digium Asterisk>=16.0.0<=16.5.0
debian/asterisk
main/translate.c in Sangoma Asterisk 13.28.0 and 16.5.0 allows a remote attacker to send a specific RTP packet during a call and cause a crash in a specific scenario.
Digium Asterisk>=13.0.0<=13.28.0
Digium Asterisk>=16.0.0<=16.5.0
An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x through 15.7.2, and 16.x through 16.4.0, and Certified Asterisk through 13.21-cert3. A pointer dereference in chan_sip wh...
Digium Certified Asterisk=1.8.0.0
Digium Certified Asterisk=1.8.0.0-beta1
Digium Certified Asterisk=1.8.0.0-beta2
Digium Certified Asterisk=1.8.0.0-beta3
Digium Certified Asterisk=1.8.0.0-beta4
Digium Certified Asterisk=1.8.0.0-beta5
and 211 more
Asterisk 13.10.0 is affected by: denial of service issues in Asterisk. The impact is: cause a denial of service (remote).
Digium Asterisk=13.10.0
debian/asterisk
An Integer Signedness issue (for a return code) in the res_pjsip_sdp_rtp module in Digium Asterisk versions 15.7.1 and earlier and 16.1.1 and earlier allows remote authenticated users to crash Asteris...
Digium Asterisk>=15.0.0<15.7.2
Digium Asterisk>=16.0.0<16.2.1
Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x before 15.6.2 and 16.x before 16.0.1 allows remote attackers to crash Asterisk via a specially crafted DNS SRV or NAPTR response, b...
Digium Asterisk=15.0.0
Digium Asterisk=15.0.0-b1
Digium Asterisk=15.0.0-rc1
Digium Asterisk=15.1.0
Digium Asterisk=15.1.0-rc1
Digium Asterisk=15.1.0-rc2
and 24 more
There is a stack consumption vulnerability in the res_http_websocket.so module of Asterisk through 13.23.0, 14.7.x through 14.7.7, and 15.x through 15.6.0 and Certified Asterisk through 13.21-cert2. I...
debian/asterisk<=1:13.22.0~dfsg-2<=1:13.14.1~dfsg-1
Digium Asterisk>=13.0.0<=13.23.0
Digium Asterisk>=14.0.0<=14.7.7
Digium Asterisk>=15.0.0<=15.6.0
Digium Certified Asterisk=11.6-cert12
Digium Certified Asterisk=11.6-cert13
and 29 more
An issue was discovered in Asterisk Open Source 13.x before 13.21.1, 14.x before 14.7.7, and 15.x before 15.4.1 and Certified Asterisk 13.18-cert before 13.18-cert4 and 13.21-cert before 13.21-cert2. ...
debian/asterisk
Digium Asterisk>=13.0.0<13.21.1
Digium Asterisk>14.0.0<14.7.7
Digium Asterisk>=15.0.0<15.4.1
Digium Certified Asterisk=13.18-cert1
Digium Certified Asterisk=13.18-cert2
and 3 more
