Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
asterisk open source vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2022-37325
In Sangoma Asterisk up to and including 16.28.0, 17.x and 18.x up to and including 18.14.0, and 19.x up to and including 19.6.0, an incoming Setup message to addons/ooh323c/src/ooq931.c with a malformed Calling or Called Party IE can cause a crash.
Sangoma Asterisk
Sangoma Asterisk 20.0.0
9.8
CVSSv3
CVE-2022-39244
PJSIP is a free and open source multimedia communication library written in C. In versions of PJSIP before 2.13 the PJSIP parser, PJMEDIA RTP decoder, and PJMEDIA SDP parser are affeced by a buffer overflow vulnerability. Users connecting to untrusted clients are at risk. This is...
Pjsip Pjsip
9.1
CVSSv3
CVE-2022-39269
PJSIP is a free and open source multimedia communication library written in C. When processing certain packets, PJSIP may incorrectly switch from using SRTP media transport to using basic RTP upon SRTP restart, causing the media to be sent insecurely. The vulnerability impacts al...
Pjsip Pjsip
6.5
CVSSv3
CVE-2021-46837
res_pjsip_t38 in Sangoma Asterisk 16.x prior to 16.16.2, 17.x prior to 17.9.3, and 18.x prior to 18.2.2, and Certified Asterisk prior to 16.8-cert7, allows an malicious user to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by...
Asterisk Certified Asterisk 16.8.0
Digium Asterisk
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
9.8
CVSSv3
CVE-2022-31031
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions prior to and including 2.12.1 a stack buffer overflow vulnerability affects PJSIP users that use ST...
Teluu Pjsip
Debian Debian Linux 10.0
Debian Debian Linux 11.0
7.5
CVSSv3
CVE-2022-24792
PJSIP is a free and open source multimedia communication library written in C. A denial-of-service vulnerability affects applications on a 32-bit systems that use PJSIP versions 2.12 and prior to play/read invalid WAV files. The vulnerability occurs when reading WAV file data chu...
Teluu Pjsip
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
1 Github repository
7.5
CVSSv3
CVE-2022-26498
An issue exists in Asterisk up to and including 19.x. When using STIR/SHAKEN, it is possible to download files that are not certificates. These files could be much larger than what one would expect to download, leading to Resource Exhaustion. This is fixed in 16.25.2, 18.11.2, an...
Digium Asterisk
Debian Debian Linux 10.0
Debian Debian Linux 11.0
9.8
CVSSv3
CVE-2022-26651
An issue exists in Asterisk up to and including 19.x and Certified Asterisk up to and including 16.8-cert13. The func_odbc module provides possibly inadequate escaping functionality for backslash characters in SQL queries, resulting in user-provided data creating a broken SQL que...
Digium Certified Asterisk 16.8
Digium Asterisk
Debian Debian Linux 10.0
Debian Debian Linux 11.0
9.1
CVSSv3
CVE-2022-26499
An SSRF issue exists in Asterisk up to and including 19.x. When using STIR/SHAKEN, it's possible to send arbitrary requests (such as GET) to interfaces such as localhost by using the Identity header. This is fixed in 16.25.2, 18.11.2, and 19.3.2.
Digium Asterisk
Debian Debian Linux 10.0
Debian Debian Linux 11.0
9.8
CVSSv3
CVE-2022-24786
PJSIP is a free and open source multimedia communication library written in C. PJSIP versions 2.12 and prior do not parse incoming RTCP feedback RPSI (Reference Picture Selection Indication) packet, but any app that directly uses pjmedia_rtcp_fb_parse_rpsi() will be affected. A p...
Pjsip Pjsip
Debian Debian Linux 9.0
Debian Debian Linux 10.0
2 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »