CVSS: 7.5EPSS: 0%CPEs: 31EXPL: 6CVE-2023-49786 – Asterisk susceptible to Denial of Service via DTLS Hello packets during call initiation
https://notcve.org/view.php?id=CVE-2023-49786
14 Dec 2023 — Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerabl... • https://packetstorm.news/files/id/176251 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-703: Improper Check or Handling of Exceptional Conditions •
CVSS: 8.5EPSS: 0%CPEs: 31EXPL: 0CVE-2023-37457 – Asterisk's PJSIP_HEADER dialplan function can overwrite memory/cause crash when using 'update'
https://notcve.org/view.php?id=CVE-2023-37457
14 Dec 2023 — Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an out... • https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 31EXPL: 1CVE-2023-49294 – Asterisk Path Traversal vulnerability
https://notcve.org/view.php?id=CVE-2023-49294
14 Dec 2023 — Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue. Asterisk es un conjunto de herramientas de telefonía y centralita pri... • https://packetstorm.news/files/id/177819 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.8EPSS: 0%CPEs: 13EXPL: 0CVE-2021-46837 – Debian Security Advisory 5285-1
https://notcve.org/view.php?id=CVE-2021-46837
30 Aug 2022 — res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. This is a re-occurrence of the CVE-2019-15297 symptoms but not for exactly the same reason. The crash occurs because there is an append operation relative to the active topology, but this should instead be a replace operation. La funci... • https://downloads.asterisk.org/pub/security/AST-2021-006.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 1CVE-2022-26498 – Shannon Baseband chatroom SDP Attribute Memory Corruption
https://notcve.org/view.php?id=CVE-2022-26498
15 Apr 2022 — An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download files that are not certificates. These files could be much larger than what one would expect to download, leading to Resource Exhaustion. This is fixed in 16.25.2, 18.11.2, and 19.3.2. Se ha detectado un problema en Asterisk versiones hasta 19.x. • https://packetstorm.news/files/id/172139 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.1EPSS: 0%CPEs: 5EXPL: 0CVE-2022-26499 – Gentoo Linux Security Advisory 202412-03
https://notcve.org/view.php?id=CVE-2022-26499
15 Apr 2022 — An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it's possible to send arbitrary requests (such as GET) to interfaces such as localhost by using the Identity header. This is fixed in 16.25.2, 18.11.2, and 19.3.2. Se ha detectado un problema de tipo SSRF en Asterisk versiones hasta 19.x. Cuando es usado STIR/SHAKEN, es posible enviar peticiones arbitrarias (como GET) a interfaces como localhost usando el encabezado Identity. • http://packetstormsecurity.com/files/166745/Asterisk-Project-Security-Advisory-AST-2022-002.html • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.8EPSS: 0%CPEs: 26EXPL: 0CVE-2022-26651 – Gentoo Linux Security Advisory 202412-03
https://notcve.org/view.php?id=CVE-2022-26651
15 Apr 2022 — An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The func_odbc module provides possibly inadequate escaping functionality for backslash characters in SQL queries, resulting in user-provided data creating a broken SQL query or possibly a SQL injection. This is fixed in 16.25.2, 18.11.2, and 19.3.2, and 16.8-cert14. Se ha detectado un problema en Asterisk versiones hast 19.x y Certified Asterisk versiones hasta 16.8-cert13. El módulo func_odbc proporciona una funcio... • http://packetstormsecurity.com/files/166746/Asterisk-Project-Security-Advisory-AST-2022-003.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1CVE-2021-31878 – Gentoo Linux Security Advisory 202412-03
https://notcve.org/view.php?id=CVE-2021-31878
22 Jul 2021 — An issue was discovered in PJSIP in Asterisk before 16.19.1 and before 18.5.1. To exploit, a re-INVITE without SDP must be received after Asterisk has sent a BYE request. Se ha detectado un problema en PJSIP en Asterisk versiones anteriores a 16.19.1 y versiones anteriores a 18.5.1. Para explotarlo, se debe recibir un re-INVITE sin SDP después de que Asterisk haya enviado una petición BYE When Asterisk receives a re-INVITE without SDP after having sent a BYE request a crash will occur. This occurs due to th... • http://downloads.asterisk.org/pub/security/AST-2021-007.html • CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 1%CPEs: 23EXPL: 1CVE-2021-32558 – Gentoo Linux Security Advisory 202412-03
https://notcve.org/view.php?id=CVE-2021-32558
22 Jul 2021 — An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and Certified Asterisk before 16.8-cert10. If the IAX2 channel driver receives a packet that contains an unsupported media format, a crash can occur. Se ha detectado un problema en Sangoma Asterisk versiones: 13.x anteriores a 13.38.3, versiones 16.x anteriores a 16.19.1, versiones 17.x anteriores a 17.9.4, y versiones 18.x anteriores a 18.5.1, y Certified Asterisk versiones ante... • http://packetstormsecurity.com/files/163639/Asterisk-Project-Security-Advisory-AST-2021-008.html • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 6.5EPSS: 0%CPEs: 16EXPL: 0CVE-2021-26713 – Gentoo Linux Security Advisory 202412-03
https://notcve.org/view.php?id=CVE-2021-26713
19 Feb 2021 — A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6 allows an authenticated WebRTC client to cause an Asterisk crash by sending multiple hold/unhold requests in quick succession. This is caused by a signedness comparison mismatch. Un desbordamiento del búfer en la región stack de la memoria en el archivo res_rtp_asterisk.c en Sangoma Asterisk versiones anteriores a 16.16.1, versiones 17.x ... • https://downloads.asterisk.org/pub/security • CWE-787: Out-of-bounds Write •