← Back

Asterisk

asterisk

52 CVEs • 15 products

Products (15)

Click to collapse
Toggle
Open Source
open_source
22 CVEs
Asterisk
asterisk
20 CVEs
Asterisk Appliance Developer Kit
asterisk_appliance_developer_kit
13 CVEs
Asterisknow
asterisknow
13 CVEs
Asterisk Business Edition
asterisk_business_edition
11 CVEs
Certified Asterisk
certified_asterisk
11 CVEs
S800i
s800i
7 CVEs
S800i Appliance
s800i_appliance
5 CVEs
Zaptel
zaptel
3 CVEs
Digiumphones
digiumphones
3 CVEs
Asterisk Addons
asterisk-addons
2 CVEs
Business Edition
business_edition
2 CVEs
P B X
p_b_x
1 CVE
Opensource
opensource
1 CVE
Appliance S800i
appliance_s800i
1 CVE

CVEs (52)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2007-4280
1Asterisk
4Asterisk
Asterisk Appliance Developer KitAsterisknow+1 more
Apr 23, 2026
Aug 9, 2007
N/A· v4
N/A· v3
3.5 LOW· v2
The Skinny channel driver (chan_skinny) in Asterisk Open Source before 1.4.10, AsteriskNOW before beta7, Appliance Developer Kit before 0.7.0, and Appliance s800i before 1.0.3 allows remote authenticated users to cause a...Show more
The Skinny channel driver (chan_skinny) in Asterisk Open Source before 1.4.10, AsteriskNOW before beta7, Appliance Developer Kit before 0.7.0, and Appliance s800i before 1.0.3 allows remote authenticated users to cause a denial of service (application crash) via a CAPABILITIES_RES_MESSAGE packet with a capabilities count larger than the capabilities_res_message array population.Show less
CVE-2007-3765
1Asterisk
4Asterisk
Asterisk Appliance Developer KitAsterisknow+1 more
Apr 23, 2026
Jul 18, 2007
N/A· v4
N/A· v3
5.0 MEDIUM· v2
The STUN implementation in Asterisk 1.4.x before 1.4.8, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted ST...Show more
The STUN implementation in Asterisk 1.4.x before 1.4.8, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted STUN length attribute in a STUN packet sent on an RTP port.Show less
CVE-2007-3764
1Asterisk
4Asterisk
Asterisk Appliance Developer KitAsterisknow+1 more
Apr 23, 2026
Jul 18, 2007
N/A· v4
N/A· v3
5.0 MEDIUM· v2
The Skinny channel driver (chan_skinny) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows rem...Show more
The Skinny channel driver (chan_skinny) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a certain data length value in a crafted packet, which results in an "overly large memcpy."Show less
CVE-2007-3763
1Asterisk
4Asterisk
Asterisk Appliance Developer KitAsterisknow+1 more
Apr 23, 2026
Jul 18, 2007
N/A· v4
N/A· v3
5.0 MEDIUM· v2
The IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote...Show more
The IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted (1) LAGRQ or (2) LAGRP frame that contains information elements of IAX frames, which results in a NULL pointer dereference when Asterisk does not properly set an associated variable.Show less
CVE-2007-3762
1Asterisk
4Asterisk
Asterisk Appliance Developer KitAsterisknow+1 more
Apr 23, 2026
Jul 18, 2007
N/A· v4
N/A· v3
9.3 HIGH· v2
Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s8...Show more
Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to execute arbitrary code by sending a long (1) voice or (2) video RTP frame.Show less
CVE-2007-2488
1Asterisk
1Asterisk
Apr 23, 2026
May 7, 2007
N/A· v4
N/A· v3
10.0 HIGH· v2
The IAX2 channel driver (chan_iax2) in Asterisk before 20070504 does not properly null terminate data, which allows remote attackers to trigger loss of transmitted data, and possibly obtain sensitive information (memory...Show more
The IAX2 channel driver (chan_iax2) in Asterisk before 20070504 does not properly null terminate data, which allows remote attackers to trigger loss of transmitted data, and possibly obtain sensitive information (memory contents) or cause a denial of service (application crash), by sending a frame that lacks a 0 byte.Show less
CVE-2007-2297
1Asterisk
1Asterisk
Apr 23, 2026
Apr 26, 2007
N/A· v4
N/A· v3
7.8 HIGH· v2
The SIP channel driver (chan_sip) in Asterisk before 1.2.18 and 1.4.x before 1.4.3 does not properly parse SIP UDP packets that do not contain a valid response code, which allows remote attackers to cause a denial of ser...Show more
The SIP channel driver (chan_sip) in Asterisk before 1.2.18 and 1.4.x before 1.4.3 does not properly parse SIP UDP packets that do not contain a valid response code, which allows remote attackers to cause a denial of service (crash).Show less
CVE-2007-2294
1Asterisk
1Asterisk
Apr 23, 2026
Apr 26, 2007
N/A· v4
N/A· v3
7.8 HIGH· v2
The Manager Interface in Asterisk before 1.2.18 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (crash) by using MD5 authentication to authenticate a user that does not have a password defined...Show more
The Manager Interface in Asterisk before 1.2.18 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (crash) by using MD5 authentication to authenticate a user that does not have a password defined in manager.conf, resulting in a NULL pointer dereference.Show less
CVE-2007-2293
1Asterisk
1Asterisk
Apr 23, 2026
Apr 26, 2007
N/A· v4
N/A· v3
7.6 HIGH· v2
Multiple stack-based buffer overflows in the process_sdp function in chan_sip.c of the SIP channel T.38 SDP parser in Asterisk before 1.4.3 allow remote attackers to execute arbitrary code via a long (1) T38FaxRateManage...Show more
Multiple stack-based buffer overflows in the process_sdp function in chan_sip.c of the SIP channel T.38 SDP parser in Asterisk before 1.4.3 allow remote attackers to execute arbitrary code via a long (1) T38FaxRateManagement or (2) T38FaxUdpEC SDP parameter in an SIP message, as demonstrated using SIP INVITE.Show less
CVE-2007-1595
1Asterisk
1Asterisk
Apr 23, 2026
Mar 22, 2007
N/A· v4
N/A· v3
7.5 HIGH· v2
The Asterisk Extension Language (AEL) in pbx/pbx_ael.c in Asterisk does not properly generate extensions, which allows remote attackers to execute arbitrary extensions and have an unknown impact by specifying an invalid...Show more
The Asterisk Extension Language (AEL) in pbx/pbx_ael.c in Asterisk does not properly generate extensions, which allows remote attackers to execute arbitrary extensions and have an unknown impact by specifying an invalid extension in a certain form.Show less
CVE-2007-1594
1Asterisk
1Asterisk
Apr 23, 2026
Mar 22, 2007
N/A· v4
N/A· v3
7.8 HIGH· v2
The handle_response function in chan_sip.c in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP Response code 0 in a SIP packet.
CVE-2007-1561
1Asterisk
1Asterisk
Apr 23, 2026
Mar 21, 2007
N/A· v4
N/A· v3
7.8 HIGH· v2
The channel driver in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP INVITE message with an SDP containing one valid and one invalid IP address.