Asterisk CVE - Yack CVE

Filtered by vendor Asterisk

Total 52 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2008-3264	1 Asterisk	5 Asterisk Appliance Developer Kit, Asterisk Business Edition, Asterisknow and 2 more	2025-04-09	7.8 HIGH	N/A
The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (traffic amplification) via an IAX2 FWDOWNL request.
CVE-2007-5690	1 Asterisk	1 Zaptel	2025-04-09	4.6 MEDIUM	N/A
Buffer overflow in sethdlc.c in the Asterisk Zaptel 1.4.5.1 might allow local users to gain privileges via a long device name (interface name) in the ifr_name field. NOTE: the vendor disputes this issue, stating that the application requires root access, so privilege boundaries are not crossed
CVE-2008-1897	1 Asterisk	5 Asterisk Appliance Developer Kit, Asterisk Business Edition, Asterisknow and 2 more	2025-04-09	4.3 MEDIUM	N/A
The IAX2 channel driver (chan_iax2) in Asterisk Open Source 1.0.x, 1.2.x before 1.2.28, and 1.4.x before 1.4.19.1; Business Edition A.x.x, B.x.x before B.2.5.2, and C.x.x before C.1.8.1; AsteriskNOW before 1.0.3; Appliance Developer Kit 0.x.x; and s800i before 1.1.0.3, when configured to allow unauthenticated calls, does not verify that an ACK response contains a call number matching the server's reply to a NEW message, which allows remote attackers to cause a denial of service (traffic amplific ... Show More
CVE-2007-1561	1 Asterisk	1 Asterisk	2025-04-09	7.8 HIGH	N/A
The channel driver in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP INVITE message with an SDP containing one valid and one invalid IP address.
CVE-2009-0041	1 Asterisk	3 Asterisk Business Edition, Open Source, S800i Appliance	2025-04-09	5.0 MEDIUM	N/A
IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before 1.4.23-rc4, and 1.6.x before 1.6.0.3-rc2; Business Edition A.x.x, B.x.x before B.2.5.7, C.1.x.x before C.1.10.4, and C.2.x.x before C.2.1.2.1; and s800i 1.2.x before 1.3.0 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
CVE-2008-0095	1 Asterisk	5 Asterisk Appliance Developer Kit, Asterisk Business Edition, Asterisknow and 2 more	2025-04-09	5.0 MEDIUM	N/A
The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, Business Edition before C.1.0-beta8, AsteriskNOW before beta7, Appliance Developer Kit before Asterisk 1.4 revision 95946, and Appliance s800i 1.0.x before 1.0.3.4 allows remote attackers to cause a denial of service (daemon crash) via a BYE message with an Also (Also transfer) header, which triggers a NULL pointer dereference.
CVE-2008-3903	2 Asterisk, Trixbox	2 P B X, Pbx	2025-04-09	3.5 LOW	N/A
Asterisk Open Source 1.2.x before 1.2.32, 1.4.x before 1.4.24.1, and 1.6.0.x before 1.6.0.8; Asterisk Business Edition A.x.x, B.x.x before B.2.5.8, C.1.x.x before C.1.10.5, and C.2.x.x before C.2.3.3; s800i 1.3.x before 1.3.0.2; and Trixbox PBX 2.6.1, when Digest authentication and authalwaysreject are enabled, generates different responses depending on whether a SIP username is valid, which allows remote attackers to enumerate valid usernames.
CVE-2007-1595	1 Asterisk	1 Asterisk	2025-04-09	7.5 HIGH	N/A
The Asterisk Extension Language (AEL) in pbx/pbx_ael.c in Asterisk does not properly generate extensions, which allows remote attackers to execute arbitrary extensions and have an unknown impact by specifying an invalid extension in a certain form.
CVE-2008-5744	1 Asterisk	1 Zaptel	2025-04-09	7.2 HIGH	N/A
Array index error in the dahdi/tor2.c driver in Zaptel (aka DAHDI) 1.4.11 and earlier allows local users in the dialout group to overwrite an integer value in kernel memory by writing to /dev/zap/ctl, related to an incorrect tor2 patch for CVE-2008-5396 that uses the wrong variable in a range check against the value of lc->sync.
CVE-2007-3765	1 Asterisk	4 Asterisk, Asterisk Appliance Developer Kit, Asterisknow and 1 more	2025-04-09	5.0 MEDIUM	N/A
The STUN implementation in Asterisk 1.4.x before 1.4.8, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted STUN length attribute in a STUN packet sent on an RTP port.
CVE-2021-46837	3 Asterisk, Debian, Digium	3 Certified Asterisk, Debian Linux, Asterisk	2024-11-21	N/A	6.5 MEDIUM
res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. This is a re-occurrence of the CVE-2019-15297 symptoms but not for exactly the same reason. The crash occurs because there is an append operation relative to the active topology, but this should instead be a replace operati ... Show More
CVE-2020-28242	4 Asterisk, Debian, Fedoraproject and 1 more	4 Certified Asterisk, Debian Linux, Fedora and 1 more	2024-11-21	4.0 MEDIUM	6.5 MEDIUM
An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Certified Asterisk before 16.8-cert5. If Asterisk is challenged on an outbound INVITE and the nonce is changed in each response, Asterisk will continually send INVITEs in a loop. This causes Asterisk to consume more and more memory since the transaction will never terminate (even if the call is hung up), ultimately leading to a restart or shutdown of Asterisk. ... Show More

Vulnerabilities (CVE)