CVE Tools

digium

CommunicationsUScommercial

98

Cumulative CVEs

46

Monthly snapshots

#15

Peak rank

Top products

asterisk3 certified asterisk1

Latest CVEs

The 15 most recently published vulnerabilities affecting digium.

CVE-2023-49786Asterisk susceptible to Denial of Service via DTLS Hello packets during call initiation7.5Dec 14, 2023
CVE-2023-37457Asterisk's PJSIP_HEADER dialplan function can overwrite memory/cause crash when using 'update'7.5Dec 14, 2023
CVE-2023-49294Asterisk Path Traversal vulnerability4.9Dec 14, 2023
CVE-2021-46837res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=im...6.5Aug 30, 2022
CVE-2022-26651An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The func_odbc module provides possibly inadequate escaping functionality for backslash characters in SQL...9.8Apr 15, 2022
CVE-2022-26499An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it's possible to send arbitrary requests (such as GET) to interfaces such as localhost by using the Identity header. T...9.1Apr 15, 2022
CVE-2022-26498An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download files that are not certificates. These files could be much larger than what one would expect to ...7.5Apr 15, 2022
CVE-2021-32558An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and Certified Asterisk before 16.8-cert10. If the IAX2 channel driv...7.5Jul 27, 2021
CVE-2021-31878An issue was discovered in PJSIP in Asterisk before 16.19.1 and before 18.5.1. To exploit, a re-INVITE without SDP must be received after Asterisk has sent a BYE request.6.5Jul 27, 2021
CVE-2021-26713A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6 allows an authenticated W...6.5Feb 19, 2021
CVE-2021-26712Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated attacker to prematurely terminate s...7.5Feb 18, 2021
CVE-2020-35776A buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk versions 13.38.1, 16.15.1, 17.9.1, and 18.1.1 allows remote attacker to crash Asterisk by deliberately misusing SIP 181 responses.6.5Feb 18, 2021
CVE-2021-26906An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through...5.9Feb 18, 2021
CVE-2021-26717An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6. When re-negotiating for T.38, if the initial re...7.5Feb 18, 2021
CVE-2020-35652An issue was discovered in res_pjsip_diversion.c in Sangoma Asterisk before 13.38.0, 14.x through 16.x before 16.15.0, 17.x before 17.9.0, and 18.x before 18.1.0. A crash can occur when a SIP messa...6.5Jan 29, 2021