CVE Tools

digium, inc.

CommunicationsUScommercial

5

Cumulative CVEs

2

Monthly snapshots

#61

Peak rank

Top products

Latest CVEs

The 15 most recently published vulnerabilities affecting digium, inc..

CVE-2025-1131Asterisk Unsafe Shell Sourcing in safe_asterisk Leads to Local Privilege Escalation7.8Sep 23, 2025
CVE-2025-54995Asterisk remotely exploitable leak of RTP UDP ports and internal resources6.5Aug 28, 2025
CVE-2025-47779Using malformed From header can forge identity with ";" or NULL in name portion7.7May 22, 2025
CVE-2024-42491A malformed Contact or Record-Route URI in an incoming SIP request can cause Asterisk to crash when res_resolver_unbound is used5.7Sep 5, 2024
CVE-2024-42365Asterisk allows `Write=originate` as sufficient permissions for code execution / `System()` dialplan7.4Aug 8, 2024
CVE-2023-49786Asterisk susceptible to Denial of Service via DTLS Hello packets during call initiation7.5Dec 14, 2023
CVE-2023-37457Asterisk's PJSIP_HEADER dialplan function can overwrite memory/cause crash when using 'update'7.5Dec 14, 2023
CVE-2023-49294Asterisk Path Traversal vulnerability4.9Dec 14, 2023
CVE-2021-32558An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and Certified Asterisk before 16.8-cert10. If the IAX2 channel driv...7.5Jul 27, 2021
CVE-2021-31878An issue was discovered in PJSIP in Asterisk before 16.19.1 and before 18.5.1. To exploit, a re-INVITE without SDP must be received after Asterisk has sent a BYE request.6.5Jul 27, 2021
CVE-2021-32686Denial of Service in PJSIP5.9Jul 23, 2021
CVE-2019-18976An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c li...7.5Nov 22, 2019
CVE-2017-14100In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized command execution is possible. ...9.8Sep 2, 2017
CVE-2016-2316chan_sip in Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3, when the timert1 sip.co...5.9Feb 22, 2016
CVE-2016-2232Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3 allow remote authenticated users to ...6.5Feb 22, 2016