CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 1CVE-2020-35652
https://notcve.org/view.php?id=CVE-2020-35652
29 Jan 2021 — An issue was discovered in res_pjsip_diversion.c in Sangoma Asterisk before 13.38.0, 14.x through 16.x before 16.15.0, 17.x before 17.9.0, and 18.x before 18.1.0. A crash can occur when a SIP message is received with a History-Info header that contains a tel-uri, or when a SIP 181 response is received that contains a tel-uri in the Diversion header. Se detectó un problema en el archivo res_pjsip_diversion.c en Sangoma Asterisk versiones anteriores a 13.38.0, versiones 14.x hasta 16.x versiones anteriores a ... • https://downloads.asterisk.org/pub/security/AST-2020-003.html •
CVSS: 7.5EPSS: 64%CPEs: 7EXPL: 3CVE-2018-7284 – Asterisk chan_pjsip 15.2.0 - 'SUBSCRIBE' Stack Corruption
https://notcve.org/view.php?id=CVE-2018-7284
22 Feb 2018 — A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the res_pjsip_pubsub module stores the accepted formats present in the Accept headers of the request. This code did not limit the number of headers it processed, despite having a fixed limit of 32. If more than 32 Accept headers were present, the code would write outside of its memory and cause a crash. Se ha descub... • https://packetstorm.news/files/id/146577 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 88%CPEs: 15EXPL: 2CVE-2017-17090 – Asterisk 13.17.2 - 'chan_skinny' Remote Memory Corruption
https://notcve.org/view.php?id=CVE-2017-17090
02 Dec 2017 — An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. If the chan_skinny (aka SCCP protocol) channel driver is flooded with certain requests, it can cause the asterisk process to use excessive amounts of virtual memory, eventually causing asterisk to stop processing requests of any kind. Se ha descubierto un problema en chan_skinny.c en Asterisk Open Source en versiones 13.18.2 y anteriores, 1... • https://packetstorm.news/files/id/146299 • CWE-459: Incomplete Cleanup •
CVSS: 7.5EPSS: 1%CPEs: 9EXPL: 0CVE-2014-8414 – Gentoo Linux Security Advisory 201412-51
https://notcve.org/view.php?id=CVE-2014-8414
24 Nov 2014 — ConfBridge in Asterisk 11.x before 11.14.1 and Certified Asterisk 11.6 before 11.6-cert8 does not properly handle state changes, which allows remote attackers to cause a denial of service (channel hang and memory consumption) by causing transitions to be delayed, which triggers a state change from hung up to waiting for media. ConfBridge en Asterisk 11.x anterior a 11.14.1 y Certified Asterisk 11.6 anterior a 11.6-cert8 no maneja debida mente los cambios de estado, lo que permite a atacantes remotos causar ... • http://downloads.asterisk.org/pub/security/AST-2014-014.html • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 7%CPEs: 13EXPL: 0CVE-2014-4048 – Asterisk Project Security Advisory - AST-2014-008
https://notcve.org/view.php?id=CVE-2014-4048
13 Jun 2014 — The PJSIP Channel Driver in Asterisk Open Source before 12.3.1 allows remote attackers to cause a denial of service (deadlock) by terminating a subscription request before it is complete, which triggers a SIP transaction timeout. El controlador de canales PJSIP en Asterisk Open Source anterior a 12.3.1 permite a atacantes remotos causar una denegación de servicio (bloqueo) mediante la terminación de una solicitud de suscripción antes de que se haya completado, lo que provoca un timeout de la transacción SIP... • http://downloads.asterisk.org/pub/security/AST-2014-008.html •
CVSS: 7.5EPSS: 25%CPEs: 206EXPL: 0CVE-2012-5976 – Gentoo Linux Security Advisory 201401-15
https://notcve.org/view.php?id=CVE-2012-5976
03 Jan 2013 — Multiple stack consumption vulnerabilities in Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones allow remote attackers to cause a denial of service (daemon crash) via TCP data using the (1) SIP, (2) HTTP, or (3) XMPP protocol. Multiples vulnerabilidades de consumo en Asterisk Open Source v1.8.x anteriores a v1.8.19.1, v10.x anteriores a v10.11.1, y v1... • http://downloads.asterisk.org/pub/security/AST-2012-014 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 206EXPL: 0CVE-2012-5977 – Gentoo Linux Security Advisory 201401-15
https://notcve.org/view.php?id=CVE-2012-5977
03 Jan 2013 — Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones, when anonymous calls are enabled, allow remote attackers to cause a denial of service (resource consumption) by making anonymous calls from multiple sources and consequently adding many entries to the device state cache. Asterisk Open Source v1.8.x anteriores a v1.8.19.1, v10.x anteriores a v10.11.1, ... • http://downloads.asterisk.org/pub/security/AST-2012-015 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 15EXPL: 0CVE-2011-0495 – Debian Security Advisory 2171-1
https://notcve.org/view.php?id=CVE-2011-0495
20 Jan 2011 — Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary code via crafted caller ID data in vectors involving the (1) SIP channel driver, (2) URIENCODE dialplan function, or (3) AGI dialplan function. Desbordamiento de búfer basado en pila en la función ast_uri_encode, ... • http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.2.diff • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 30%CPEs: 9EXPL: 1CVE-2009-2726 – Asterisk Project Security Advisory - Driver Crash
https://notcve.org/view.php?id=CVE-2009-2726
11 Aug 2009 — The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, 1.4.x before 1.4.26.1, 1.6.0.x before 1.6.0.12, and 1.6.1.x before 1.6.1.4; Asterisk Business Edition A.x.x, B.x.x before B.2.5.9, C.2.x before C.2.4.1, and C.3.x before C.3.1; and Asterisk Appliance s800i 1.2.x before 1.3.0.3 does not use a maximum width when invoking sscanf style functions, which allows remote attackers to cause a denial of service (stack memory consumption) via SIP packets containing large sequences of ASCII decimal char... • http://downloads.digium.com/pub/security/AST-2009-005.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 11%CPEs: 122EXPL: 0CVE-2008-3264 – AST-2008-011.txt
https://notcve.org/view.php?id=CVE-2008-3264
23 Jul 2008 — The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (traffic amplification) via an IAX2 FWDOWNL request. La implementación FWDOWNL firmware-download en Asterisk Open Source 1.0.x, 1.2.x antes de 1.2.30 y 1.4.x antes de 1.4.21.2; Business E... • http://downloads.digium.com/pub/security/AST-2008-011.html • CWE-287: Improper Authentication •