pkg:Debian/asterisk

All known vulnerabilities

• CRITICAL9.8CVE-2026-40892PJSIP is a free and open source multimedia communication library written in C.
  from 0
• CRITICAL9.8CVE-2026-32945PJSIP is a free and open source multimedia communication library written in C.
  from 0
• CRITICAL9.8CVE-2026-25994PJSIP is a free and open source multimedia communication library written in C.
  from 0
• CRITICAL9.8Insecure Permissions vulnerability in asterisk v22 allows a remote attacker to execute arbitrary code via the action_createconfig function.
  from 0
• CRITICAL9.8PJSIP is a free and open source multimedia communication library written in C with high level API in C, C++, Java, C#, and Python languages.
  from 0, < 1:16.28.0~dfsg-0+deb11u4
• CRITICAL9.8PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, S…
  from 0, < 1:16.28.0~dfsg-0+deb11u2
• CRITICAL9.8asterisk - security update
  from 0, < 1:16.28.0~dfsg-0+deb10u2
• CRITICAL9.8asterisk - security update
  from 0, < 1:16.28.0~dfsg-0+deb11u2
• CRITICAL9.8asterisk - security update
  from 0, < 1:16.28.0~dfsg-0+deb11u2
• CRITICAL9.8PJSIP is a free and open source multimedia communication library written in C.
  from 0, < 1:16.28.0~dfsg-0+deb11u2
• CRITICAL9.8PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, S…
  from 0, < 1:16.28.0~dfsg-0+deb11u2
• CRITICAL9.8An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13.
  from 0, < 1:16.28.0~dfsg-0+deb11u1
• CRITICAL9.8PJSIP is a free and open source multimedia communication library written in C.
  from 0, < 1:16.28.0~dfsg-0+deb11u1
• CRITICAL9.8PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, S…
  from 0, < 1:16.28.0~dfsg-0+deb11u1
• CRITICAL9.8Buffer overflow in PJSUA API when calling pjsua_call_dump.
  from 0, < 1:16.28.0~dfsg-0+deb11u1
• CRITICAL9.8Stack overflow in PJSUA API when calling pjsua_playlist_create.
  from 0, < 1:16.28.0~dfsg-0+deb11u1
• CRITICAL9.8Stack overflow in PJSUA API when calling pjsua_recorder_create.
  from 0, < 1:16.28.0~dfsg-0+deb11u1
• CRITICAL9.8Stack overflow in PJSUA API when calling pjsua_player_create.
  from 0, < 1:16.28.0~dfsg-0+deb11u1
• CRITICAL9.8asterisk - security update
  from 0, < 1:16.28.0~dfsg-0+deb10u1
• CRITICAL9.8asterisk - security update
  from 0, < 1:16.28.0~dfsg-0+deb11u1
• CRITICAL9.8asterisk - security update
  from 0, < 1:16.28.0~dfsg-0+deb11u1
• CRITICAL9.8asterisk - security update
  from 0, < 1:1.8.13.1~dfsg1-3+deb7u7
• CRITICAL9.8asterisk - security update
  from 0, < 1:13.17.1~dfsg-1
• CRITICAL9.1PJSIP is a free and open source multimedia communication library written in C.
  from 0
• CRITICAL9.1PJSIP is a free and open source multimedia communication library written in C.
  from 0
• CRITICAL9.1PJSIP is a free and open source multimedia communication library written in C.
  from 0, < 1:16.28.0~dfsg-0+deb11u2
• CRITICAL9.1An SSRF issue was discovered in Asterisk through 19.x.
  from 0, < 1:16.28.0~dfsg-0+deb11u1
• CRITICAL9.1Read out-of-bounds in PJSUA API when calling pjsua_recorder_create.
  from 0, < 1:16.28.0~dfsg-0+deb11u1
• CRITICAL9.1PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, S…
  from 0, < 1:16.28.0~dfsg-0+deb11u1
• CRITICAL9.1PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, S…
  from 0, < 1:16.28.0~dfsg-0+deb11u1
• CRITICAL9.1PJSIP is a free and open source multimedia communication library.
  from 0, < 1:16.28.0~dfsg-0+deb11u1
• HIGH8.8PJSIP is a free and open source multimedia communication library written in C.
  from 0
• HIGH8.8Asterisk is an open source private branch exchange and telephony toolkit.
  from 0, < 1:16.28.0~dfsg-0+deb11u9
• HIGH8.8asterisk - security update
  from 0, < 1:16.28.0~dfsg-0+deb11u5
• HIGH8.8asterisk - security update
  from 0, < 1:16.28.0~dfsg-0+deb11u5
• HIGH8.8asterisk - security update
  from 0, < 1:11.13.1~dfsg-2+deb8u7
• HIGH8.8asterisk - security update
  from 0, < 1:16.10.0~dfsg-1
• HIGH8.8A Buffer Overflow issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Aste…
  from 0, < 1:13.18.1~dfsg-1
• HIGH8.8Remote code execution can occur in Asterisk Open Source 13.x before 13.14.1 and 14.x before 14.3.1 and Certified Asterisk 13.13 before 13.1…
  from 0, < 1:13.14.1~dfsg-1
• HIGH8.2asterisk - security update
  from 0, < 1:16.28.0~dfsg-0+deb11u4
• HIGH8.2asterisk - security update
  from 0, < 1:16.28.0~dfsg-0+deb11u4
• HIGH8.2asterisk - security update
  from 0, < 1:16.28.0~dfsg-0+deb10u4
• HIGH8.1PJSIP is a free and open source multimedia communication library written in C.
  from 0
• HIGH7.8Asterisk is an open source private branch exchange and telephony toolkit.
  from 0, < 1:16.28.0~dfsg-0+deb11u9
• HIGH7.8asterisk - security update
  from 0, < 1:16.28.0~dfsg-0+deb11u8
• HIGH7.8asterisk - security update
  from 0, < 1:16.28.0~dfsg-0+deb11u8
• HIGH7.8Asterisk is an open-source private branch exchange (PBX).
  from 0, < 1:16.28.0~dfsg-0+deb11u7
• HIGH7.5PJSIP is a free and open source multimedia communication library written in C.
  from 0
• HIGH7.5PJSIP is a free and open source multimedia communication library written in C.
  from 0
• HIGH7.5PJSIP is a free and open source multimedia communication library written in C.
  from 0
• HIGH7.5PJSIP is a free and open source multimedia communication library written in C.
  from 0
• HIGH7.5Asterisk is an open source private branch exchange and telephony toolkit.
  from 0, < 1:16.28.0~dfsg-0+deb11u4
• HIGH7.5ring - security update
  from 0, < 1:16.28.0~dfsg-0+deb11u3
• HIGH7.5ring - security update
  from 0, < 1:16.28.0~dfsg-0+deb11u3
• HIGH7.5ring - security update
  from 0, < 1:16.28.0~dfsg-0+deb10u3
• HIGH7.5In Sangoma Asterisk through 16.28.0, 17.x and 18.x through 18.14.0, and 19.x through 19.6.0, an incoming Setup message to addons/ooh323c/sr…
  from 0, < 1:16.28.0~dfsg-0+deb11u2
• HIGH7.5PJSIP is a free and open source multimedia communication library written in C.
  from 0, < 1:16.28.0~dfsg-0+deb11u1
• HIGH7.5An issue was discovered in Asterisk through 19.x.
  from 0, < 1:16.28.0~dfsg-0+deb11u1
• HIGH7.5PJSIP is a free and open source multimedia communication library written in C.
  from 0, < 1:16.28.0~dfsg-0+deb11u1
• HIGH7.5pjproject - security update
  from 0, < 1:16.28.0~dfsg-0+deb11u1
• HIGH7.5PJSIP is a free and open source multimedia communication library written in C.
  from 0, < 1:16.28.0~dfsg-0+deb11u1
• HIGH7.5asterisk - security update
  from 0, < 1:16.16.1~dfsg-1+deb11u1
• HIGH7.5asterisk - security update
  from 0, < 1:16.16.1~dfsg-1+deb11u1
• HIGH7.5asterisk - security update
  from 0, < 1:13.14.1~dfsg-2+deb9u5
• HIGH7.5An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 1…
  from 0, < 1:16.16.1~dfsg-1
• HIGH7.5An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x.
  from 0, < 1:16.1.1~dfsg-1
• HIGH7.5asterisk allows calls on prohibited networks
  from 0, < 1:1.6.2.0~rc3-2
• HIGH7.5asterisk 13.10.0 is affected by: denial of service issues in asterisk.
  from 0, < 1:13.11.2~dfsg-1
• HIGH7.5asterisk - security update
  from 0, < 1:13.23.1~dfsg-1
• HIGH7.5asterisk - security update
  from 0, < 1:11.13.1~dfsg-2+deb8u6
• HIGH7.5A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk th…
  from 0, < 1:13.20.0~dfsg-1
• HIGH7.5An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older.
  from 0, < 1:13.18.5~dfsg-1
• HIGH7.5asterisk - security update
  from 0, < 1:11.13.1~dfsg-2+deb8u5
• HIGH7.5asterisk - security update
  from 0, < 1:13.18.3~dfsg-1
• HIGH7.5asterisk - security update
  from 0, < 1:1.8.13.1~dfsg1-3+deb7u8
• HIGH7.5asterisk - security update
  from 0, < 1:13.17.2~dfsg-1
• HIGH7.5asterisk - security update
  from 0, < 1:11.13.1~dfsg-2+deb8u4
• HIGH7.5asterisk - security update
  from 0, < 1:13.17.1~dfsg-1
• HIGH7.5asterisk - security update
  from 0, < 1:11.13.1~dfsg-2+deb8u3
• HIGH7.5In the pjsip channel driver (res_pjsip) in Asterisk 13.x before 13.17.1 and 14.x before 14.6.1, a carefully crafted tel URI in a From, To,…
  from 0, < 1:13.17.1~dfsg-1
• HIGH7.5A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 be…
  from 0, < 1:13.14.1~dfsg-2
• HIGH7.5chain_sip in Asterisk Open Source 11.x before 11.23.1 and 13.x 13.11.1 and Certified Asterisk 11.6 before 11.6-cert15 and 13.8 before 13.8-…
  from 0, < 1:13.11.2~dfsg-1
• HIGH7.5The IAX2 channel driver (chan_iax2) in Asterisk Open 1.2.x before 1.2.23, 1.4.x before 1.4.9, and Asterisk Appliance Developer Kit before 0…
  from 0, < 1:1.4.9~dfsg-1
• HIGH7.3PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, S…
  from 0, < 1:16.28.0~dfsg-0+deb11u1
• MEDIUM6.5PJSIP is a free and open source multimedia communication library.
  from 0
• MEDIUM6.5Asterisk is an open source private branch exchange and telephony toolkit.
  from 0, < 1:16.28.0~dfsg-0+deb11u9
• MEDIUM6.5Asterisk is an open source private branch exchange and telephony toolkit.
  from 0, < 1:16.28.0~dfsg-0+deb11u8
• MEDIUM6.5asterisk - security update
  from 0, < 1:16.28.0~dfsg-0+deb11u7
• MEDIUM6.5asterisk - security update
  from 0, < 1:16.28.0~dfsg-0+deb11u7
• MEDIUM6.5A use-after-free in res_pjsip_pubsub.c in Sangoma Asterisk 16.28, 18.14, 19.6, and certified/18.9-cert2 may allow a remote authenticated at…
  from 0, < 1:16.28.0~dfsg-0+deb11u2
• MEDIUM6.5res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7…
  from 0, < 1:16.28.0~dfsg-0+deb11u1
• MEDIUM6.5A buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk versions 13.38.1, 16.15.1, 17.9.1, and 18.1.1 allows remote attacker to cras…
  from 0, < 1:16.16.1~dfsg-1
• MEDIUM6.5An issue was discovered in res_pjsip_diversion.c in Sangoma Asterisk before 13.38.0, 14.x through 16.x before 16.15.0, 17.x before 17.9.0,…
  from 0, < 1:16.15.1~dfsg-1
• MEDIUM6.5An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Ce…
  from 0, < 1:16.15.0~dfsg-1
• MEDIUM6.5An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x before 13.29.2, 16.x before 16.6.2, and 17.x before 17.0.1, and Cer…
  from 0, < 1:16.10.0~dfsg-1
• MEDIUM6.5res_pjsip_t38 in Sangoma Asterisk 15.x before 15.7.4 and 16.x before 16.5.1 allows an attacker to trigger a crash by sending a declined str…
  from 0, < 1:16.10.0~dfsg-1
• MEDIUM6.5Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and earlier allows remote authentic…
  from 0, < 1:16.2.1~dfsg-2
• MEDIUM6.5An Integer Signedness issue (for a return code) in the res_pjsip_sdp_rtp module in Digium Asterisk versions 15.7.1 and earlier and 16.1.1 a…
  from 0, < 1:16.2.1~dfsg-1
• MEDIUM6.5An issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cer…
  from 0, < 1:13.20.0~dfsg-1
• MEDIUM6.5Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 1…
  from 0, < 1:13.7.2~dfsg-1
• MEDIUM6.1asterisk - security update
  from 0, < 1:16.28.0~dfsg-0+deb11u9
• MEDIUM6.1asterisk - security update
  from 0, < 1:16.28.0~dfsg-0+deb11u9
• MEDIUM5.9PJSIP is a free and open source multimedia communication library written in C.
  from 0
• MEDIUM5.9Asterisk is an open source private branch exchange and telephony toolkit.
  from 0, < 1:16.28.0~dfsg-0+deb11u4
• MEDIUM5.9ring - security update
  from 0, < 1:16.16.1~dfsg-1+deb11u1
• MEDIUM5.9An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.…
  from 0, < 1:16.16.1~dfsg-1
• MEDIUM5.9A Remote Crash issue was discovered in Asterisk Open Source 13.x before 13.18.4, 14.x before 14.7.4, and 15.x before 15.1.4 and Certified A…
  from 0, < 1:13.18.5~dfsg-1
• MEDIUM5.9An issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 befo…
  from 0, < 1:13.18.1~dfsg-1
• MEDIUM5.9chan_sip in Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-c…
  from 0, < 1:13.7.2~dfsg-1
• MEDIUM5.7Asterisk is an open-source private branch exchange (PBX).
  from 0, < 1:16.28.0~dfsg-0+deb11u5
• MEDIUM5.5asterisk - security update
  from 0, < 1:16.28.0~dfsg-0+deb11u6
• MEDIUM5.5asterisk - security update
  from 0, < 1:16.28.0~dfsg-0+deb11u6
• MEDIUM5.3PJSIP is a free and open source multimedia communication library written in C.
  from 0
• MEDIUM5.3A res_pjsip_session crash was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x bef…
  from 0, < 1:16.15.0~dfsg-1
• MEDIUM5.3asterisk - security update
  from 0, < 1:13.14.1~dfsg-2+deb9u6
• MEDIUM5.3asterisk - security update
  from 0, < 1:16.2.1~dfsg-2
• MEDIUM5.3asterisk - security update
  from 0, < 1:13.22.0~dfsg-1
• MEDIUM5.3asterisk - security update
  from 0, < 1:13.14.1~dfsg-2+deb9u4
• MEDIUM5.3An issue was discovered in Asterisk Open Source 11.x before 11.25.1, 13.x before 13.13.1, and 14.x before 14.2.1 and Certified Asterisk 11.…
  from 0, < 1:13.13.1~dfsg-1
• MEDIUM4.9An issue was discovered in Sangoma Asterisk through 16.28, 17 and 18 through 18.14, 19 through 19.6, and certified through 18.9-cert1.
  from 0, < 1:16.28.0~dfsg-0+deb11u2
• —PJSIP is a free and open source multimedia communication library.
  from 0
• —Asterisk is an open source private branch exchange and telephony toolkit.
  from 0
• —asterisk - security update
  from 0, < 1:13.7.2~dfsg-1
• —asterisk - security update
  from 0, < 1:11.13.1~dfsg-2+deb8u1
• —Asterisk Open Source 12.x before 12.8.1 and 13.x before 13.1.1, when using the PJSIP channel driver, does not properly reclaim RTP ports, w…
  from 0, < 1:13.1.0~dfsg-1.1
• —Double free vulnerability in the WebSocket Server (res_http_websocket module) in Asterisk Open Source 11.x before 11.14.2, 12.x before 12.7…
  from 0, < 1:13.1.0~dfsg-1
• —Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and Certified Asterisk 11.6 before 11.6-cert6, when using the res_fax_spand…
  from 0, < 1:11.12.1~dfsg-1
• —The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, 11.x before 11.1.4.1, 12.x before 12.7.1, and 13.x before 13.0.1 and…
  from 0, < 1:13.1.0~dfsg-1
• —ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 11.6 before 11.6-cert8 allows…
  from 0, < 1:13.1.0~dfsg-1
• —Use-after-free vulnerability in the PJSIP channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1, when using the…
  from 0, < 1:13.1.0~dfsg-1
• —Race condition in the chan_pjsip channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 allows remote attackers t…
  from 0, < 1:13.1.0~dfsg-1
• —ConfBridge in Asterisk 11.x before 11.14.1 and Certified Asterisk 11.6 before 11.6-cert8 does not properly handle state changes, which allo…
  from 0, < 1:13.1.0~dfsg-1
• —The res_pjsip_acl module in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 does not properly create and load ACLs defined i…
  from 0, < 1:13.1.0~dfsg-1
• —The (1) VoIP channel drivers, (2) DUNDi, and (3) Asterisk Manager Interface (AMI) in Asterisk Open Source 1.8.x before 1.8.32.1, 11.x befor…
  from 0, < 1:13.1.0~dfsg-1
• —Asterisk Open Source 1.8.x before 1.8.28.1, 11.x before 11.10.1, and 12.x before 12.3.1 and Certified Asterisk 1.8.15 before 1.8.15-cert6 a…
  from 0, < 1:11.10.2~dfsg-1
• —Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated M…
  from 0, < 1:11.10.2~dfsg-1
• —asterisk - security update
  from 0, < 1:11.8.1~dfsg-1
• —asterisk - security update
  from 0, < 1:1.8.13.1~dfsg1-3+deb7u5
• —asterisk - security update
  from 0, < 1:1.8.13.1~dfsg1-3+deb7u4
• —asterisk - security update
  from 0, < 1:11.8.1~dfsg-1
• —asterisk - buffer overflow
  from 0, < 1:11.7.0~dfsg-1
• —asterisk - buffer overflow
  from 0, < 1:1.6.2.9-2+squeeze12
• —The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.x before 1.8.23.1, 10.x before 10.12.3, and 11.x before 11.5.1; Ce…
  from 0, < 1:11.5.1~dfsg-1
• —asterisk - several
  from 0, < 1:11.5.1~dfsg-1
• —asterisk - several
  from 0, < 1:1.6.2.9-2+squeeze11
• —main/http.c in the HTTP server in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asteri…
  from 0, < 1:1.8.13.1~dfsg-2
• —The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.1…
  from 0, < 1:1.8.13.1~dfsg-2
• —Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; an…
  from 0, < 1:1.8.13.1~dfsg-2
• —asterisk - several issues
  from 0, < 1:1.8.13.1~dfsg-2
• —asterisk - several issues
  from 0, < 1:1.6.2.9-2+squeeze9
• —Stack-based buffer overflow in the ast_parse_digest function in main/utils.c in Asterisk 1.8.x before 1.8.10.1 and 10.x before 10.2.1 allow…
  from 0, < 1:1.8.10.0~dfsg-1
• —asterisk - several
  from 0, < 1:1.8.10.0~dfsg-1
• —asterisk - several
  from 0, < 1:1.6.2.9-2+squeeze5
• —channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert7, A…
  from 0, < 1:1.8.13.1~dfsg-1
• —asterisk - several
  from 0, < 1:1.6.2.9-2+squeeze7
• —asterisk - several
  from 0, < 1:1.8.13.1~dfsg-1
• —Double free vulnerability in apps/app_voicemail.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Certified Asterisk…
  from 0, < 1:1.8.13.1~dfsg-1
• —channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Asterisk Business Edition C.3.x before C.3.7.5, C…
  from 0, < 1:1.8.13.1~dfsg-1
• —chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x…
  from 0, < 1:1.8.13.0~dfsg-1
• —asterisk - denial of service
  from 0, < 1:1.8.13.0~dfsg-1
• —asterisk - denial of service
  from 0, < 1:1.6.2.9-2+squeeze6
• —chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.11.1 and 10.x before 10.3.1 and Asterisk Business Edition C.3…
  from 0, < 1:1.8.11.1~dfsg-1
• —Heap-based buffer overflow in chan_skinny.c in the Skinny channel driver in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.…
  from 0, < 1:1.8.11.1~dfsg-1
• —main/manager.c in the Manager Interface in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 and…
  from 0, < 1:1.8.11.1~dfsg-1
• —chan_sip.c in Asterisk Open Source 1.8.x before 1.8.8.2 and 10.x before 10.0.1, when the res_srtp module is used and media support is impro…
  from 0, < 1:1.8.8.2~dfsg-1
• —The handle_request_info function in channels/chan_sip.c in Asterisk Open Source 1.6.2.x before 1.6.2.21 and 1.8.x before 1.8.7.2, when auto…
  from 0, < 1:1.8.8.0~dfsg-1
• —asterisk - several
  from 0, < 1:1.8.8.0~dfsg-1
• —asterisk - several
  from 0, < 1:1.6.2.9-2+squeeze4
• —chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.7.1 and 10.x before 10.0.0-rc1 does not properly initialize v…
  from 0, < 1:1.8.7.1~dfsg-1
• —curl - several
  from 0, < 1:13.7.2~dfsg-1
• —The default configuration of the SIP channel driver in Asterisk Open Source 1.4.x through 1.4.41.2 and 1.6.2.x through 1.6.2.18.2 does not…
  from 0, < 1:1.8.3.3-1
• —reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.4.3 allows remote attackers to cause a denial of servic…
  from 0, < 1:1.8.4.3-1
• —chan_sip.c in the SIP channel driver in Asterisk Open Source 1.4.x before 1.4.41.2, 1.6.2.x before 1.6.2.18.2, and 1.8.x before 1.8.4.4, an…
  from 0, < 1:1.8.4.4~dfsg-1
• —chan_iax2.c in the IAX2 channel driver in Asterisk Open Source 1.4.x before 1.4.41.1, 1.6.2.x before 1.6.2.18.1, and 1.8.x before 1.8.4.3,…
  from 0, < 1:1.8.4.3-1
• —asterisk - multiple issues
  from 0, < 1:1.6.2.9-2+squeeze3
• —asterisk - multiple issues
  from 0, < 1:1.6.2.9-2+squeeze3
• —asterisk - multiple issues
  from 0, < 1:1.8.4.3-1
• —reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.4.2 does not initialize certain strings, which allows r…
  from 0, < 1:1.8.4.2-1
• —manager.c in the Manager Interface in Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1…
  from 0, < 1:1.8.3.3-1
• —Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Busin…
  from 0, < 1:1.8.3.3-1
• —tcptls.c in the TCP/TLS server in Asterisk Open Source 1.6.1.x before 1.6.1.23, 1.6.2.x before 1.6.2.17.1, and 1.8.x before 1.8.3.1 allows…
  from 0, < 1:1.8.3.3-1
• —manager.c in Asterisk Open Source 1.6.1.x before 1.6.1.24, 1.6.2.x before 1.6.2.17.2, and 1.8.x before 1.8.3.2 allows remote attackers to c…
  from 0, < 1:1.8.3.3-1
• —asterisk - several
  from 0, < 1:1.8.3.3-1
• —asterisk - several
  from 0, < 1:1.4.21.2~dfsg-3+lenny2.1
• —asterisk - buffer overflow
  from 0, < 1:1.6.2.9-2+squeeze1
• —asterisk - buffer overflow
  from 0, < 1:1.6.2.9-2+squeeze1
• —main/acl.c in Asterisk Open Source 1.6.0.x before 1.6.0.25, 1.6.1.x before 1.6.1.17, and 1.6.2.x before 1.6.2.5 does not properly enforce r…
  from 0, < 1:1.6.2.6-1
• —The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, wh…
  from 0, < 1:1.6.2.6-1
• —Asterisk Open Source 1.6.0.x before 1.6.0.22, 1.6.1.x before 1.6.1.14, and 1.6.2.x before 1.6.2.2, and Business Edition C.3 before C.3.3.2,…
  from 0, < 1:1.6.2.2-1
• —rtp.c in Asterisk Open Source 1.2.x before 1.2.37, 1.4.x before 1.4.27.1, 1.6.0.x before 1.6.0.19, and 1.6.1.x before 1.6.1.11; Business Ed…
  from 0, < 1:1.6.2.0~rc7-1
• —Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, 1.6.0.x before 1.6.0.17, and 1.6.1.x before 1.6.1.9; Business Edition A.x.…
  from 0, < 1:1.6.2.0~rc6-1
• —Unspecified vulnerability in Prototype JavaScript framework (prototypejs) before 1.6.0.2 allows attackers to make "cross-site ajax requests…
  from 0, < 1:1.6.2.0~rc3-1
• —The IAX2 protocol implementation in Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.2, 1.6.0.x before 1.6.0.15, and 1.6.1.x b…
  from 0, < 1:1.6.2.0~dfsg~beta3-1
• —The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, 1.4.x before 1.4.26.1, 1.6.0.x before 1.6.0.12, and 1.6.1.x before 1.6.…
  from 0, < 1:1.6.2.0~dfsg~rc1-1
• —main/rtp.c in Asterisk Open Source 1.6.1 before 1.6.1.2 allows remote attackers to cause a denial of service (crash) via an RTP text frame…
  from 0, < 1:1.6.2.0~dfsg~rc1-1
• —IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before 1.4.23-rc4, and 1.6.x before 1.6.0.3-rc2; Business Edition A.x.x, B.x.x befo…
  from 0, < 1:1.6.1.0~dfsg~rc3-1
• —Asterisk Open Source 1.2.26 through 1.2.30.3 and Business Edition B.2.3.5 through B.2.5.5, when realtime IAX2 users are enabled, allows rem…
  from 0, < 1:1.4.0~dfsg-1
• —Asterisk Open Source 1.2.x before 1.2.32, 1.4.x before 1.4.24.1, and 1.6.0.x before 1.6.0.8; Asterisk Business Edition A.x.x, B.x.x before…
  from 0, < 1:1.6.1.0~dfsg-1
• —The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Editio…
  from 0, < 1:1.4.21.2~dfsg-1
• —The IAX2 protocol implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x…
  from 0, < 1:1.4.21.2~dfsg-1
• —Asterisk Open Source 1.0.x and 1.2.x before 1.2.29 and Business Edition A.x.x and B.x.x before B.2.5.3, when pedantic parsing (aka pedantic…
  from 0, < 1.4
• —The IAX2 channel driver (chan_iax2) in Asterisk 1.2 before revision 72630 and 1.4 before revision 65679, when configured to allow unauthent…
  from 0, < 1:1.4.19.1~dfsg-1
• —asterisk - denial of service
  from 0, < 1:1.2.13~dfsg-2etch4
• —asterisk - denial of service
  from 0, < 1:1.4.19.1~dfsg-1
• —Multiple buffer overflows in Asterisk Open Source 1.4.x before 1.4.18.1 and 1.4.19-rc3, Open Source 1.6.x before 1.6.0-beta6, Business Edit…
  from 0, < 1:1.4.18.1~dfsg-1
• —The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1…
  from 0, < 1:1.4.19.1~dfsg-1
• —Unspecified vulnerability in Asterisk Open Source 1.2.x before 1.2.27, 1.4.x before 1.4.18.1 and 1.4.19-rc3; Business Edition A.x.x, B.x.x…
  from 0, < 1:1.4.18.1~dfsg-1
• —Format string vulnerability in Asterisk Open Source 1.6.x before 1.6.0-beta6 might allow remote attackers to execute arbitrary code via log…
  from 0, < 1:1.4.18.1~dfsg-1
• —The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, Business Edition before C.1.0-beta8, AsteriskNOW before beta7, Applianc…
  from 0, < 1:1.4.17~dfsg-1
• —asterisk
  from 0, < 1:1.4.16.2~dfsg-1
• —asterisk
  from 0, < 1:1.2.13~dfsg-2etch3
• —SQL injection vulnerability in the Postgres Realtime Engine (res_config_pgsql) in Asterisk 1.4.x before 1.4.15 and C.x before C.1.0-beta6 a…
  from 0, < 1:1.4.15~dfsg-1
• —asterisk - SQL injection
  from 0, < 1:1.4.15~dfsg-1
• —asterisk - SQL injection
  from 0, < 1:1.0.7.dfsg.1-2sarge6
• —Multiple buffer overflows in the voicemail functionality in Asterisk 1.4.x before 1.4.13, when using IMAP storage, might allow (1) remote a…
  from 0, < 1:1.4.13~dfsg-1
• —The SIP channel driver (chan_sip) in Asterisk Open Source 1.4.x before 1.4.11, AsteriskNOW before beta7, Asterisk Appliance Developer Kit 0…
  from 0, < 1:1.4.11~dfsg-1
• —The Skinny channel driver (chan_skinny) in Asterisk Open Source before 1.4.10, AsteriskNOW before beta7, Appliance Developer Kit before 0.7…
  from 0, < 1:1.4.10~dfsg-1
• —Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition befor…
  from 0, < 1:1.4.8~dfsg-1
• —The IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before b…
  from 0, < 1:1.4.8~dfsg-1
• —The Skinny channel driver (chan_skinny) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW befo…
  from 0, < 1:1.4.8~dfsg-1
• —The STUN implementation in Asterisk 1.4.x before 1.4.8, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.…
  from 0, < 1:1.4.8~dfsg-1
• —The IAX2 channel driver (chan_iax2) in Asterisk before 20070504 does not properly null terminate data, which allows remote attackers to tri…
  from 0, < 1:1.4.5~dfsg-1
• —asterisk - several vulnerabilities
  from 0, < 1:1.4.21.2~dfsg-3+lenny1
• —asterisk - several vulnerabilities
  from 0, < 1:1.6.2.0~rc3-1
• —The SIP channel driver (chan_sip) in Asterisk before 1.2.18 and 1.4.x before 1.4.3 does not properly parse SIP UDP packets that do not cont…
  from 0, < 1:1.4.2~dfsg-1
• —Multiple stack-based buffer overflows in the process_sdp function in chan_sip.c of the SIP channel T.38 SDP parser in Asterisk before 1.4.3…
  from 0, < 1:1.4.3~dfsg-1
• —The Manager Interface in Asterisk before 1.2.18 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (crash) by usin…
  from 0, < 1:1.4.3~dfsg-1
• —The Asterisk Extension Language (AEL) in pbx/pbx_ael.c in Asterisk does not properly generate extensions, which allows remote attackers to…
  from 0, < 1:1.4.0~dfsg-1
• —The channel driver in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP…
  from 0, < 1:1.4.2~dfsg-5
• —asterisk
  from 0, < 1:1.2.16~dfsg-1
• —asterisk
  from 0, < 1:1.2.13~dfsg-2etch1
• —Unspecified vulnerability in the SIP channel driver (channels/chan_sip.c) in Asterisk 1.2.x before 1.2.13 and 1.4.x before 1.4.0-beta3 allo…
  from 0, < 1:1.2.13~dfsg-1
• —asterisk
  from 0, < 1:1.0.7.dfsg.1-2sarge4
• —asterisk
  from 0, < 1:1.2.13~dfsg-1
• —Asterisk 1.2.10 supports the use of client-controlled variables to determine filenames in the Record function, which allows remote attacker…
  from 0, < 1:1.2.11.dfsg-1
• —Stack-based buffer overflow in channels/chan_mgcp.c in MGCP in Asterisk 1.0 through 1.2.10 allows remote attackers to execute arbitrary cod…
  from 0, < 1:1.2.11.dfsg-1
• —asterisk - several
  from 0, < 1:1.2.10.dfsg-2
• —asterisk - several
  from 0, < 1:1.0.7.dfsg.1-2sarge3
• —Integer signedness error in format_jpeg.c in Asterisk 1.2.6 and earlier allows remote attackers to execute arbitrary code via a length valu…
  from 0, < 1:1.2.7.1.dfsg-1
• —asterisk - several vulnerabilities
  from 0, < 1:1.2.7.1.dfsg-2
• —asterisk - several vulnerabilities
  from 0, < 0.1.11-3woody1
• —Stack-based buffer overflow in the function that parses commands in Asterisk 1.0.7, when the 'write = command' option is enabled, allows re…
  from 0, < 1:1.0.9.dfsg-1
• —SQL injection vulnerability in the Call Detail Record (CDR) logging functionality for Asterisk allows remote attackers to execute arbitrary…
  from 0, < 0.7.0
• —Buffer overflow in the get_msg_text of chan_sip.c in the Session Initiation Protocol (SIP) protocol implementation for Asterisk releases be…
  from 0, < 0.5.0