Digium Asterisk
63 CVEs affecting Digium Asterisk. Latest disclosed: 2017-12-27. Critical: 1, High: 9.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2017-14100 | Critical | 9.8 | 2017-09-02 | In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauth… |
CVE-2017-16671 | High | 8.8 | 2017-11-09 | A Buffer Overflow issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13… |
CVE-2017-7617 | High | 8.8 | 2017-04-10 | Remote code execution can occur in Asterisk Open Source 13.x before 13.14.1 and 14.x before 14.3.1 and Certified Asterisk 13.13 before 13.13-cert3 because of a… |
CVE-2017-17850 | High | 7.5 | 2017-12-27 | An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. A select set of SIP messages create a dia… |
CVE-2017-17090 | High | 7.5 | 2017-12-02 | An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7… |
CVE-2017-14603 | High | 7.5 | 2017-10-10 | In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before 14.6.2 and Certified Asterisk 11.x before 11.6-cert18 and 13.x before 13.13-cert6, insuff… |
CVE-2017-14099 | High | 7.5 | 2017-09-02 | In res/res_rtp_asterisk.c in Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x… |
CVE-2017-14098 | High | 7.5 | 2017-09-02 | In the pjsip channel driver (res_pjsip) in Asterisk 13.x before 13.17.1 and 14.x before 14.6.1, a carefully crafted tel URI in a From, To, or Contact header co… |
CVE-2016-7551 | High | 7.5 | 2017-04-17 | chain_sip in Asterisk Open Source 11.x before 11.23.1 and 13.x 13.11.1 and Certified Asterisk 11.6 before 11.6-cert15 and 13.8 before 13.8-cert3 allows remote… |
CVE-2016-9937 | High | 7.5 | 2016-12-12 | An issue was discovered in Asterisk Open Source 13.12.x and 13.13.x before 13.13.1 and 14.x before 14.2.1. If an SDP offer or answer is received with the Opus… |
CVE-2016-2232 | Medium | 6.5 | 2016-02-22 | Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert… |
CVE-2017-17664 | Medium | 5.9 | 2017-12-13 | A Remote Crash issue was discovered in Asterisk Open Source 13.x before 13.18.4, 14.x before 14.7.4, and 15.x before 15.1.4 and Certified Asterisk before 13.13… |
CVE-2017-16672 | Medium | 5.9 | 2017-11-09 | An issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. A me… |
CVE-2016-2316 | Medium | 5.9 | 2016-02-22 | chan_sip in Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 befo… |
CVE-2016-9938 | Medium | 5.3 | 2016-12-12 | An issue was discovered in Asterisk Open Source 11.x before 11.25.1, 13.x before 13.13.1, and 14.x before 14.2.1 and Certified Asterisk 11.x before 11.6-cert16… |
CVE-2015-3008 | | 2015-04-10 | Asterisk Open Source 1.8 before 1.8.32.3, 11.x before 11.17.1, 12.x before 12.8.2, and 13.x before 13.3.2 and Certified Asterisk 1.8.28 before 1.8.28-cert5, 11… | |
CVE-2015-1558 | | 2015-02-09 | Asterisk Open Source 12.x before 12.8.1 and 13.x before 13.1.1, when using the PJSIP channel driver, does not properly reclaim RTP ports, which allows remote a… | |
CVE-2014-9374 | | 2014-12-12 | Double free vulnerability in the WebSocket Server (res_http_websocket module) in Asterisk Open Source 11.x before 11.14.2, 12.x before 12.7.2, and 13.x before… | |
CVE-2014-6610 | | 2014-11-26 | Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and Certified Asterisk 11.6 before 11.6-cert6, when using the res_fax_spandsp module, allows re… | |
CVE-2014-6609 | | 2014-11-26 | The res_pjsip_pubsub module in Asterisk Open Source 12.x before 12.5.1 allows remote authenticated users to cause a denial of service (crash) via crafted heade… |