CVSS: 5.7EPSS: 0%CPEs: 5EXPL: 0CVE-2024-42491 – A malformed Contact or Record-Route URI in an incoming SIP request can cause Asterisk to crash when res_resolver_unbound is used
https://notcve.org/view.php?id=CVE-2024-42491
05 Sep 2024 — Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.24.3, 20.9.3, and 21.4.3 of Asterisk and versions 18.9-cert12 and 20.7-cert2 of certified-asterisk, if Asterisk attempts to send a SIP request to a URI whose host portion starts with `.1` or `[.1]`, and res_resolver_unbound is loaded, Asterisk will crash with a SEGV. To receive a patch, users should upgrade to one of the following versions: 18.24.3, 20.9.3, 21.4.3, certified-18.9-cert12, certified-20.7-cert2. Two workarounds are ... • https://github.com/asterisk/asterisk/commit/42a2f4ccfa2c7062a15063e765916b3332e34cc4 • CWE-252: Unchecked Return Value CWE-476: NULL Pointer Dereference •
CVSS: 9.0EPSS: 34%CPEs: 5EXPL: 1CVE-2024-42365 – Asterisk allows `Write=originate` as sufficient permissions for code execution / `System()` dialplan
https://notcve.org/view.php?id=CVE-2024-42365
08 Aug 2024 — Asterisk is an open source private branch exchange (PBX) and telephony toolkit. Prior to asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2, an AMI user with `write=originate` may change all configuration files in the `/etc/asterisk/` directory. This occurs because they are able to curl remote files and write them to disk, but are also able to append to existing files using the `FILE` function inside the `SET` application. This issue may result in privil... • https://packetstorm.news/files/id/182935 • CWE-267: Privilege Defined With Unsafe Actions CWE-1220: Insufficient Granularity of Access Control •
CVSS: 7.5EPSS: 0%CPEs: 31EXPL: 6CVE-2023-49786 – Asterisk susceptible to Denial of Service via DTLS Hello packets during call initiation
https://notcve.org/view.php?id=CVE-2023-49786
14 Dec 2023 — Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asterisk prior to 18.9-cert6; Asterisk is susceptible to a DoS due to a race condition in the hello handshake phase of the DTLS protocol when handling DTLS-SRTP for media setup. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerabl... • https://packetstorm.news/files/id/176251 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-703: Improper Check or Handling of Exceptional Conditions •
CVSS: 8.5EPSS: 0%CPEs: 31EXPL: 0CVE-2023-37457 – Asterisk's PJSIP_HEADER dialplan function can overwrite memory/cause crash when using 'update'
https://notcve.org/view.php?id=CVE-2023-37457
14 Dec 2023 — Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an out... • https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 31EXPL: 1CVE-2023-49294 – Asterisk Path Traversal vulnerability
https://notcve.org/view.php?id=CVE-2023-49294
14 Dec 2023 — Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, contain a fix for this issue. Asterisk es un conjunto de herramientas de telefonía y centralita pri... • https://packetstorm.news/files/id/177819 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 1CVE-2020-35652
https://notcve.org/view.php?id=CVE-2020-35652
29 Jan 2021 — An issue was discovered in res_pjsip_diversion.c in Sangoma Asterisk before 13.38.0, 14.x through 16.x before 16.15.0, 17.x before 17.9.0, and 18.x before 18.1.0. A crash can occur when a SIP message is received with a History-Info header that contains a tel-uri, or when a SIP 181 response is received that contains a tel-uri in the Diversion header. Se detectó un problema en el archivo res_pjsip_diversion.c en Sangoma Asterisk versiones anteriores a 13.38.0, versiones 14.x hasta 16.x versiones anteriores a ... • https://downloads.asterisk.org/pub/security/AST-2020-003.html •
CVSS: 7.5EPSS: 73%CPEs: 7EXPL: 3CVE-2018-7284 – Asterisk chan_pjsip 15.2.0 - 'SUBSCRIBE' Stack Corruption
https://notcve.org/view.php?id=CVE-2018-7284
22 Feb 2018 — A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the res_pjsip_pubsub module stores the accepted formats present in the Accept headers of the request. This code did not limit the number of headers it processed, despite having a fixed limit of 32. If more than 32 Accept headers were present, the code would write outside of its memory and cause a crash. Se ha descub... • https://packetstorm.news/files/id/146577 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 90%CPEs: 15EXPL: 2CVE-2017-17090 – Asterisk 13.17.2 - 'chan_skinny' Remote Memory Corruption
https://notcve.org/view.php?id=CVE-2017-17090
02 Dec 2017 — An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. If the chan_skinny (aka SCCP protocol) channel driver is flooded with certain requests, it can cause the asterisk process to use excessive amounts of virtual memory, eventually causing asterisk to stop processing requests of any kind. Se ha descubierto un problema en chan_skinny.c en Asterisk Open Source en versiones 13.18.2 y anteriores, 1... • https://packetstorm.news/files/id/146299 • CWE-459: Incomplete Cleanup •
CVSS: 6.5EPSS: 8%CPEs: 288EXPL: 0CVE-2016-2232 – Debian Security Advisory 3700-1
https://notcve.org/view.php?id=CVE-2016-2232
22 Feb 2016 — Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3 allow remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a zero length error correcting redundancy packet for a UDPTL FAX packet that is lost. Asterisk Open Source 1.8.x, 11.x en versiones anteriores a 11.21.1, 12.x y 13.x en versiones anteriores a 13.7.1 y Certified Asterisk 1.8.28, 11.6 en ver... • http://downloads.asterisk.org/pub/security/AST-2016-003.html •
CVSS: 7.1EPSS: 0%CPEs: 290EXPL: 1CVE-2016-2316 – Debian Security Advisory 3700-1
https://notcve.org/view.php?id=CVE-2016-2316
22 Feb 2016 — chan_sip in Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3, when the timert1 sip.conf configuration is set to a value greater than 1245, allows remote attackers to cause a denial of service (file descriptor consumption) via vectors related to large retransmit timeout values. chan_sip en Asterisk Open Source 1.8.x, 11.x en versiones anteriores a 11.21.1, 12.x y 13.x en versiones anteriores a 13.7... • http://downloads.asterisk.org/pub/security/AST-2016-002.html • CWE-191: Integer Underflow (Wrap or Wraparound) •