Information on source package asterisk

Available versions

ReleaseVersion
jessie1:11.13.1~dfsg-2+deb8u8
stretch1:13.14.1~dfsg-2+deb9u9
stretch (security)1:13.14.1~dfsg-2+deb9u6
buster1:16.2.1~dfsg-1+deb10u2
buster (security)1:16.28.0~dfsg-0+deb10u4
bullseye1:16.28.0~dfsg-0+deb11u3
bullseye (security)1:16.28.0~dfsg-0+deb11u4
sid1:20.6.0~dfsg+~cs6.13.40431414-2

Open issues

BugjessiestretchbusterbullseyesidDescription
CVE-2023-49786vulnerablevulnerable (no DSA, ignored)fixedfixedfixedAsterisk is an open source private branch exchange and telephony toolk ...
CVE-2023-49294vulnerablefixedfixedfixedfixedAsterisk is an open source private branch exchange and telephony toolk ...
CVE-2023-38703vulnerablefixedfixedfixedvulnerablePJSIP is a free and open source multimedia communication library writt ...
CVE-2023-37457vulnerablefixedfixedfixedvulnerableAsterisk is an open source private branch exchange and telephony toolk ...
CVE-2023-27585vulnerablefixedfixedfixedfixedPJSIP is a free and open source multimedia communication library writt ...
CVE-2022-42706vulnerablefixedfixedfixedfixedAn issue was discovered in Sangoma Asterisk through 16.28, 17 and 18 t ...
CVE-2022-42705vulnerablevulnerable (no DSA)fixedfixedfixedA use-after-free in res_pjsip_pubsub.c in Sangoma Asterisk 16.28, 18.1 ...
CVE-2022-39269vulnerablefixedfixedfixedfixedPJSIP is a free and open source multimedia communication library writt ...
CVE-2022-39244vulnerablefixedfixedfixedfixedPJSIP is a free and open source multimedia communication library writt ...
CVE-2022-37325vulnerablefixedfixedfixedfixedIn Sangoma Asterisk through 16.28.0, 17.x and 18.x through 18.14.0, an ...
CVE-2022-31031vulnerablefixedfixedfixedfixedPJSIP is a free and open source multimedia communication library writt ...
CVE-2022-26651vulnerablefixedfixedfixedfixedAn issue was discovered in Asterisk through 19.x and Certified Asteris ...
CVE-2022-26499vulnerablefixedfixedfixedfixedAn SSRF issue was discovered in Asterisk through 19.x. When using STIR ...
CVE-2022-26498vulnerablefixedfixedfixedfixedAn issue was discovered in Asterisk through 19.x. When using STIR/SHAK ...
CVE-2022-24793vulnerablefixedfixedfixedfixedPJSIP is a free and open source multimedia communication library writt ...
CVE-2022-24792vulnerablefixedfixedfixedfixedPJSIP is a free and open source multimedia communication library writt ...
CVE-2022-24786vulnerablefixedfixedfixedfixedPJSIP is a free and open source multimedia communication library writt ...
CVE-2022-24764vulnerablefixedfixedfixedfixedPJSIP is a free and open source multimedia communication library writt ...
CVE-2022-24763vulnerablefixedfixedfixedfixedPJSIP is a free and open source multimedia communication library writt ...
CVE-2022-24754vulnerablefixedfixedfixedfixedPJSIP is a free and open source multimedia communication library writt ...
CVE-2022-23608vulnerablefixedfixedfixedfixedPJSIP is a free and open source multimedia communication library writt ...
CVE-2022-23547vulnerablefixedfixedfixedfixedPJSIP is a free and open source multimedia communication library writt ...
CVE-2022-23537vulnerablefixedfixedfixedfixedPJSIP is a free and open source multimedia communication library writt ...
CVE-2022-21723vulnerablefixedfixedfixedfixedPJSIP is a free and open source multimedia communication library writt ...
CVE-2022-21722vulnerablefixedfixedfixedfixedPJSIP is a free and open source multimedia communication library writt ...
CVE-2021-46837vulnerablefixedfixedfixedfixedres_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17. ...
CVE-2021-43845vulnerablefixedfixedfixedfixedPJSIP is a free and open source multimedia communication library. In v ...
CVE-2021-43804vulnerablefixedfixedfixedfixedPJSIP is a free and open source multimedia communication library writt ...
CVE-2021-43303vulnerablefixedfixedfixedfixedBuffer overflow in PJSUA API when calling pjsua_call_dump. An attacker ...
CVE-2021-43302vulnerablefixedfixedfixedfixedRead out-of-bounds in PJSUA API when calling pjsua_recorder_create. An ...
CVE-2021-43301vulnerablefixedfixedfixedfixedStack overflow in PJSUA API when calling pjsua_playlist_create. An att ...
CVE-2021-43300vulnerablefixedfixedfixedfixedStack overflow in PJSUA API when calling pjsua_recorder_create. An att ...
CVE-2021-43299vulnerablefixedfixedfixedfixedStack overflow in PJSUA API when calling pjsua_player_create. An attac ...
CVE-2021-37706vulnerablefixedfixedfixedfixedPJSIP is a free and open source multimedia communication library writt ...
CVE-2021-32686vulnerablefixedfixedfixedfixedPJSIP is a free and open source multimedia communication library writt ...
CVE-2021-32558vulnerablefixedfixedfixedfixedAn issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x ...
CVE-2021-26906vulnerablefixedfixedfixedfixedAn issue was discovered in res_pjsip_session.c in Digium Asterisk thro ...
CVE-2021-26717vulnerablefixedfixedfixedfixedAn issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x ...
CVE-2020-35776vulnerablefixedfixedfixedfixedA buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk version ...
CVE-2020-35652vulnerablevulnerable (no DSA)fixedfixedfixedAn issue was discovered in res_pjsip_diversion.c in Sangoma Asterisk b ...
CVE-2020-28327vulnerablevulnerable (no DSA)fixedfixedfixedA res_pjsip_session crash was discovered in Asterisk Open Source 13.x ...
CVE-2020-28242vulnerablefixedfixedfixedfixedAn issue was discovered in Asterisk Open Source 13.x before 13.37.1, 1 ...
CVE-2019-15297fixedvulnerable (no DSA, ignored)fixedfixedfixedres_pjsip_t38 in Sangoma Asterisk 15.x before 15.7.4 and 16.x before 1 ...
CVE-2019-13161vulnerable (no DSA, postponed)fixedfixedfixedfixedAn issue was discovered in Asterisk Open Source through 13.27.0, 14.x ...
CVE-2019-12827fixedvulnerable (no DSA, ignored)fixedfixedfixedBuffer overflow in res_pjsip_messaging in Digium Asterisk versions 13. ...

Resolved issues

BugDescription
TEMP-0000000-964ED9AST-2016-005
CVE-2021-31878An issue was discovered in PJSIP in Asterisk before 16.19.1 and before ...
CVE-2021-26713A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asteris ...
CVE-2021-26712Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 1 ...
CVE-2019-18976An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through ...
CVE-2019-18790An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13. ...
CVE-2019-18610An issue was discovered in manager.c in Sangoma Asterisk through 13.x, ...
CVE-2019-15639main/translate.c in Sangoma Asterisk 13.28.0 and 16.5.0 allows a remot ...
CVE-2019-7251An Integer Signedness issue (for a return code) in the res_pjsip_sdp_r ...
CVE-2018-19278Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x b ...
CVE-2018-17281There is a stack consumption vulnerability in the res_http_websocket.s ...
CVE-2018-12228An issue was discovered in Asterisk Open Source 15.x before 15.4.1. Wh ...
CVE-2018-12227An issue was discovered in Asterisk Open Source 13.x before 13.21.1, 1 ...
CVE-2018-7287An issue was discovered in res_http_websocket.c in Asterisk 15.x throu ...
CVE-2018-7286An issue was discovered in Asterisk through 13.19.1, 14.x through 14.7 ...
CVE-2018-7285A NULL pointer access issue was discovered in Asterisk 15.x through 15 ...
CVE-2018-7284A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14 ...
CVE-2017-17850An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and olde ...
CVE-2017-17664A Remote Crash issue was discovered in Asterisk Open Source 13.x befor ...
CVE-2017-17090An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18 ...
CVE-2017-16672An issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 ...
CVE-2017-16671A Buffer Overflow issue was discovered in Asterisk Open Source 13 befo ...
CVE-2017-14603In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before ...
CVE-2017-14100In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before ...
CVE-2017-14099In res/res_rtp_asterisk.c in Asterisk 11.x before 11.25.2, 13.x before ...
CVE-2017-14098In the pjsip channel driver (res_pjsip) in Asterisk 13.x before 13.17. ...
CVE-2017-9358A memory exhaustion vulnerability exists in Asterisk Open Source 13.x ...
CVE-2017-7617Remote code execution can occur in Asterisk Open Source 13.x before 13 ...
CVE-2016-9938An issue was discovered in Asterisk Open Source 11.x before 11.25.1, 1 ...
CVE-2016-9937An issue was discovered in Asterisk Open Source 13.12.x and 13.13.x be ...
CVE-2016-7551chain_sip in Asterisk Open Source 11.x before 11.23.1 and 13.x 13.11.1 ...
CVE-2016-7550asterisk 13.10.0 is affected by: denial of service issues in asterisk. ...
CVE-2016-2316chan_sip in Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and ...
CVE-2016-2232Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before ...
CVE-2015-3008Asterisk Open Source 1.8 before 1.8.32.3, 11.x before 11.17.1, 12.x be ...
CVE-2015-1558Asterisk Open Source 12.x before 12.8.1 and 13.x before 13.1.1, when u ...
CVE-2014-9374Double free vulnerability in the WebSocket Server (res_http_websocket ...
CVE-2014-8418The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, ...
CVE-2014-8417ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13 ...
CVE-2014-8416Use-after-free vulnerability in the PJSIP channel driver in Asterisk O ...
CVE-2014-8415Race condition in the chan_pjsip channel driver in Asterisk Open Sourc ...
CVE-2014-8414ConfBridge in Asterisk 11.x before 11.14.1 and Certified Asterisk 11.6 ...
CVE-2014-8413The res_pjsip_acl module in Asterisk Open Source 12.x before 12.7.1 an ...
CVE-2014-8412The (1) VoIP channel drivers, (2) DUNDi, and (3) Asterisk Manager Inte ...
CVE-2014-6610Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and Ce ...
CVE-2014-6609The res_pjsip_pubsub module in Asterisk Open Source 12.x before 12.5.1 ...
CVE-2014-4048The PJSIP Channel Driver in Asterisk Open Source before 12.3.1 allows ...
CVE-2014-4047Asterisk Open Source 1.8.x before 1.8.28.1, 11.x before 11.10.1, and 1 ...
CVE-2014-4046Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Ce ...
CVE-2014-4045The Publish/Subscribe Framework in the PJSIP channel driver in Asteris ...
CVE-2014-2289res/res_pjsip_exten_state.c in the PJSIP channel driver in Asterisk Op ...
CVE-2014-2288The PJSIP channel driver in Asterisk Open Source 12.x before 12.1.1, w ...
CVE-2014-2287channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11. ...
CVE-2014-2286main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x befo ...
CVE-2013-7100Buffer overflow in the unpacksms16 function in apps/app_sms.c in Aster ...
CVE-2013-5642The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1 ...
CVE-2013-5641The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1 ...
CVE-2013-2686main/http.c in the HTTP server in Asterisk Open Source 1.8.x before 1. ...
CVE-2013-2685Stack-based buffer overflow in res/res_format_attr_h264.c in Asterisk ...
CVE-2013-2264The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2, ...
CVE-2012-5977Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 1 ...
CVE-2012-5976Multiple stack consumption vulnerabilities in Asterisk Open Source 1.8 ...
CVE-2012-4737channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and ...
CVE-2012-3863channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.13.1 and ...
CVE-2012-3812Double free vulnerability in apps/app_voicemail.c in Asterisk Open Sou ...
CVE-2012-3553chan_skinny.c in the Skinny (aka SCCP) channel driver in Asterisk Open ...
CVE-2012-2948chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Ast ...
CVE-2012-2947chan_iax2.c in the IAX2 channel driver in Certified Asterisk 1.8.11-ce ...
CVE-2012-2416chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x bef ...
CVE-2012-2415Heap-based buffer overflow in chan_skinny.c in the Skinny channel driv ...
CVE-2012-2414main/manager.c in the Manager Interface in Asterisk Open Source 1.6.2. ...
CVE-2012-2186Incomplete blacklist vulnerability in main/manager.c in Asterisk Open ...
CVE-2012-1184Stack-based buffer overflow in the ast_parse_digest function in main/u ...
CVE-2012-1183Stack-based buffer overflow in the milliwatt_generate function in the ...
CVE-2012-0885chan_sip.c in Asterisk Open Source 1.8.x before 1.8.8.2 and 10.x befor ...
CVE-2011-4598The handle_request_info function in channels/chan_sip.c in Asterisk Op ...
CVE-2011-4597The SIP over UDP implementation in Asterisk Open Source 1.4.x before 1 ...
CVE-2011-4063chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x bef ...
CVE-2011-3389The SSL protocol, as used in certain configurations in Microsoft Windo ...
CVE-2011-2666The default configuration of the SIP channel driver in Asterisk Open S ...
CVE-2011-2665reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8 ...
CVE-2011-2536chan_sip.c in the SIP channel driver in Asterisk Open Source 1.4.x bef ...
CVE-2011-2535chan_iax2.c in the IAX2 channel driver in Asterisk Open Source 1.4.x b ...
CVE-2011-2529chan_sip.c in the SIP channel driver in Asterisk Open Source 1.6.x bef ...
CVE-2011-2216reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8 ...
CVE-2011-1599manager.c in the Manager Interface in Asterisk Open Source 1.4.x befor ...
CVE-2011-1507Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1 ...
CVE-2011-1175tcptls.c in the TCP/TLS server in Asterisk Open Source 1.6.1.x before ...
CVE-2011-1174manager.c in Asterisk Open Source 1.6.1.x before 1.6.1.24, 1.6.2.x bef ...
CVE-2011-1147Multiple stack-based and heap-based buffer overflows in the (1) decode ...
CVE-2011-0495Stack-based buffer overflow in the ast_uri_encode function in main/uti ...
CVE-2010-1224main/acl.c in Asterisk Open Source 1.6.0.x before 1.6.0.25, 1.6.1.x be ...
CVE-2010-0685The design of the dialplan functionality in Asterisk Open Source 1.2.x ...
CVE-2010-0441Asterisk Open Source 1.6.0.x before 1.6.0.22, 1.6.1.x before 1.6.1.14, ...
CVE-2009-4055rtp.c in Asterisk Open Source 1.2.x before 1.2.37, 1.4.x before 1.4.27 ...
CVE-2009-3727Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, 1.6.0 ...
CVE-2009-3723asterisk allows calls on prohibited networks
CVE-2009-2726The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, 1. ...
CVE-2009-2651main/rtp.c in Asterisk Open Source 1.6.1 before 1.6.1.2 allows remote ...
CVE-2009-2346The IAX2 protocol implementation in Asterisk Open Source 1.2.x before ...
CVE-2009-0871The SIP channel driver in Asterisk Open Source 1.4.22, 1.4.23, and 1.4 ...
CVE-2009-0041IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before 1.4.23- ...
CVE-2008-7220Unspecified vulnerability in Prototype JavaScript framework (prototype ...
CVE-2008-5558Asterisk Open Source 1.2.26 through 1.2.30.3 and Business Edition B.2. ...
CVE-2008-3903Asterisk Open Source 1.2.x before 1.2.32, 1.4.x before 1.4.24.1, and 1 ...
CVE-2008-3264The FWDOWNL firmware-download implementation in Asterisk Open Source 1 ...
CVE-2008-3263The IAX2 protocol implementation in Asterisk Open Source 1.0.x, 1.2.x ...
CVE-2008-2119Asterisk Open Source 1.0.x and 1.2.x before 1.2.29 and Business Editio ...
CVE-2008-1923The IAX2 channel driver (chan_iax2) in Asterisk 1.2 before revision 72 ...
CVE-2008-1897The IAX2 channel driver (chan_iax2) in Asterisk Open Source 1.0.x, 1.2 ...
CVE-2008-1390The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.1 ...
CVE-2008-1333Format string vulnerability in Asterisk Open Source 1.6.x before 1.6.0 ...
CVE-2008-1332Unspecified vulnerability in Asterisk Open Source 1.2.x before 1.2.27, ...
CVE-2008-1289Multiple buffer overflows in Asterisk Open Source 1.4.x before 1.4.18. ...
CVE-2008-0095The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, Bu ...
CVE-2007-6430Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and ...
CVE-2007-6171SQL injection vulnerability in the Postgres Realtime Engine (res_confi ...
CVE-2007-6170SQL injection vulnerability in the Call Detail Record Postgres logging ...
CVE-2007-5358Multiple buffer overflows in the voicemail functionality in Asterisk 1 ...
CVE-2007-4521Asterisk Open Source 1.4.5 through 1.4.11, when configured to use an I ...
CVE-2007-4455The SIP channel driver (chan_sip) in Asterisk Open Source 1.4.x before ...
CVE-2007-4280The Skinny channel driver (chan_skinny) in Asterisk Open Source before ...
CVE-2007-4103The IAX2 channel driver (chan_iax2) in Asterisk Open 1.2.x before 1.2. ...
CVE-2007-3765The STUN implementation in Asterisk 1.4.x before 1.4.8, AsteriskNOW be ...
CVE-2007-3764The Skinny channel driver (chan_skinny) in Asterisk before 1.2.22 and ...
CVE-2007-3763The IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4. ...
CVE-2007-3762Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in ...
CVE-2007-2488The IAX2 channel driver (chan_iax2) in Asterisk before 20070504 does n ...
CVE-2007-2383The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data ...
CVE-2007-2297The SIP channel driver (chan_sip) in Asterisk before 1.2.18 and 1.4.x ...
CVE-2007-2294The Manager Interface in Asterisk before 1.2.18 and 1.4.x before 1.4.3 ...
CVE-2007-2293Multiple stack-based buffer overflows in the process_sdp function in c ...
CVE-2007-1595The Asterisk Extension Language (AEL) in pbx/pbx_ael.c in Asterisk doe ...
CVE-2007-1561The channel driver in Asterisk before 1.2.17 and 1.4.x before 1.4.2 al ...
CVE-2007-1306Asterisk 1.4 before 1.4.1 and 1.2 before 1.2.16 allows remote attacker ...
CVE-2006-5445Unspecified vulnerability in the SIP channel driver (channels/chan_sip ...
CVE-2006-5444Integer overflow in the get_input function in the Skinny channel drive ...
CVE-2006-4346Asterisk 1.2.10 supports the use of client-controlled variables to det ...
CVE-2006-4345Stack-based buffer overflow in channels/chan_mgcp.c in MGCP in Asteris ...
CVE-2006-2898The IAX2 channel driver (chan_iax2) for Asterisk 1.2.x before 1.2.9 an ...
CVE-2006-1827Integer signedness error in format_jpeg.c in Asterisk 1.2.6 and earlie ...
CVE-2005-3559Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 throu ...
CVE-2005-2081Stack-based buffer overflow in the function that parses commands in As ...
CVE-2003-0779SQL injection vulnerability in the Call Detail Record (CDR) logging fu ...
CVE-2003-0761Buffer overflow in the get_msg_text of chan_sip.c in the Session Initi ...

Security announcements

DSA / DLADescription
ELA-1032-1asterisk - security update
DSA-5596-1asterisk - security update
DLA-3696-1asterisk - security update
DSA-5438-1asterisk - security update
DLA-3394-1asterisk - security update
DSA-5358-1asterisk - security update
DLA-3335-1asterisk - security update
ELA-799-1asterisk - security update
DSA-5285-1asterisk - security update
DLA-3194-1asterisk - security update
ELA-699-1asterisk - security update
DLA-2969-1asterisk - security update
DSA-4999-1asterisk - security update
DLA-2729-1asterisk - security update
DLA-2017-2asterisk - regression update
DLA-2017-1asterisk - security update
DSA-4320-1asterisk - security update
DLA-1523-1asterisk - security update
DSA-4076-1asterisk - security update
DLA-1225-1asterisk - security update
DLA-1122-1asterisk - security update
DSA-3990-1asterisk - security update
DSA-3964-1asterisk - security update
DLA-781-2asterisk - regression update
DLA-781-1asterisk - security update
DSA-3700-1asterisk - security update
DLA-455-1asterisk - security update
DSA-2835-1asterisk - buffer overflow
DSA-2749-1asterisk - several
DSA-2605-1asterisk - several issues
DSA-2550-1asterisk - several
DSA-2493-1asterisk - denial of service
DSA-2460-1asterisk - several
DSA-2367-1asterisk - several
DSA-2276-2asterisk - multiple issues
DSA-2276-1asterisk - multiple issues
DSA-2225-1asterisk - several
DSA-2171-1asterisk - buffer overflow
DSA-1952-1asterisk - several vulnerabilities
DSA-1563-1asterisk - denial of service
DSA-1525-1asterisk
DSA-1417-1asterisk - SQL injection
DSA-1358-1asterisk
DSA-1229-1asterisk
DSA-1126asterisk - several
DSA-1048-1asterisk - several vulnerabilities
Search for package or bug name: Reporting problems