asterisk

Top products

The 15 most recently published vulnerabilities affecting asterisk.

• CVE-2026-23739Asterisk xml.c uses unsafe XML_PARSE_NOENT leading to potential XXE Injection2.0Feb 6, 2026
• CVE-2026-23738The Asterisk embedded web server 's /httpstatus page echos user supplied values(cookie and query string) without sanitization3.5Feb 6, 2026
• CVE-2025-1131Asterisk Unsafe Shell Sourcing in safe_asterisk Leads to Local Privilege Escalation7.8Sep 23, 2025
• CVE-2025-57767Asterisk can crash from a specifically malformed Authorization header in an incoming SIP request7.5Aug 28, 2025
• CVE-2025-54995Asterisk remotely exploitable leak of RTP UDP ports and internal resources6.5Aug 28, 2025
• CVE-2025-49832Asterisk is Vulnerable to Remote DoS and possible RCE Attacks During Memory Allocation6.5Aug 1, 2025
• CVE-2025-47780cli_permissions.conf: deny option does not work for disallowing shell commands7.8May 22, 2025
• CVE-2025-47779Using malformed From header can forge identity with ";" or NULL in name portion7.7May 22, 2025
• CVE-2024-42491A malformed Contact or Record-Route URI in an incoming SIP request can cause Asterisk to crash when res_resolver_unbound is used5.7Sep 5, 2024
• CVE-2024-42365Asterisk allows `Write=originate` as sufficient permissions for code execution / `System()` dialplan7.4Aug 8, 2024
• CVE-2024-35190Asterisk' res_pjsip_endpoint_identifier_ip: wrongly matches ALL unauthorized SIP requests5.8May 17, 2024
• CVE-2023-49786Asterisk susceptible to Denial of Service via DTLS Hello packets during call initiation7.5Dec 14, 2023
• CVE-2023-37457Asterisk's PJSIP_HEADER dialplan function can overwrite memory/cause crash when using 'update'7.5Dec 14, 2023
• CVE-2023-49294Asterisk Path Traversal vulnerability4.9Dec 14, 2023
• CVE-2021-46837res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=im...6.5Aug 30, 2022