VYPR

Asterisk Open Source

by Asterisk

CVEs (13)

  • CVE-2017-7617HigApr 10, 2017
    Digium
    Asterisk
    risk 0.59cvss 8.8epss 0.22

    Remote code execution can occur in Asterisk Open Source 13.x before 13.14.1 and 14.x before 14.3.1 and Certified Asterisk 13.13 before 13.13-cert3 because of a buffer overflow in a CDR user field, related to X-ClientCode in chan_sip, the CDR dialplan function, and the AMI…

  • CVE-2017-16671HigNov 9, 2017
    Digium
    Asterisk
    risk 0.57cvss 8.8epss 0.04

    A Buffer Overflow issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. No size checking is done when setting the user field for Party B on a CDR. Thus, it is possible for someone…

  • CVE-2017-9372HigJun 2, 2017
    Asterisk
    Certified Asterisk
    risk 0.49cvss 7.5epss 0.04

    PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (buffer overflow and application crash) via a SIP packet with a crafted CSeq…

  • CVE-2017-9359HigJun 2, 2017
    Asterisk
    Certified Asterisk
    risk 0.49cvss 7.5epss 0.00

    The multi-part body parser in PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a…

  • CVE-2017-9358HigJun 2, 2017
    Freepbx
    Asterisk
    risk 0.49cvss 7.5epss 0.01

    A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion…

  • CVE-2016-7551HigApr 17, 2017
    Debian
    Debian Linux
    risk 0.49cvss 7.5epss 0.07

    chain_sip in Asterisk Open Source 11.x before 11.23.1 and 13.x 13.11.1 and Certified Asterisk 11.6 before 11.6-cert15 and 13.8 before 13.8-cert3 allows remote attackers to cause a denial of service (port exhaustion).

  • CVE-2016-2232MedFeb 22, 2016
    Digium
    Asterisk
    risk 0.43cvss 6.5epss 0.08

    Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3 allow remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a zero…

  • CVE-2016-2316MedFeb 22, 2016
    Fedoraproject
    Fedora
    risk 0.38cvss 5.9epss 0.01

    chan_sip in Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3, when the timert1 sip.conf configuration is set to a value greater than 1245, allows remote attackers to…

  • CVE-2015-1558Feb 9, 2015
    Asterisk
    Asterisk Open Source
    risk 0.01cvss epss 0.16

    Asterisk Open Source 12.x before 12.8.1 and 13.x before 13.1.1, when using the PJSIP channel driver, does not properly reclaim RTP ports, which allows remote authenticated users to cause a denial of service (file descriptor consumption) via an SDP offer containing only…

  • CVE-2014-2288Apr 18, 2014
    Digium
    Asterisk
    risk 0.01cvss epss 0.07

    The PJSIP channel driver in Asterisk Open Source 12.x before 12.1.1, when qualify_frequency "is enabled on an AOR and the remote SIP server challenges for authentication of the resulting OPTIONS request," allows remote attackers to cause a denial of service (crash) via a PJSIP…

  • CVE-2014-6610Nov 26, 2014
    Digium
    Asterisk
    risk 0.00cvss epss 0.02

    Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and Certified Asterisk 11.6 before 11.6-cert6, when using the res_fax_spandsp module, allows remote authenticated users to cause a denial of service (crash) via an out of call message, which is not properly handled…

  • CVE-2014-8412Nov 24, 2014
    Digium
    Asterisk
    risk 0.00cvss epss 0.01

    The (1) VoIP channel drivers, (2) DUNDi, and (3) Asterisk Manager Interface (AMI) in Asterisk Open Source 1.8.x before 1.8.32.1, 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8.28 before 1.8.28-cert3 and 11.6 before 11.6-cert8 allows…

  • CVE-2014-2287Apr 18, 2014
    Fedoraproject
    Fedora
    risk 0.00cvss epss 0.05

    channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.15 before 1.8.15-cert5 and 11.6 before 11.6-cert2, when chan_sip has a certain configuration, allows remote authenticated users to cause…