VuXML ID | Description |
dd698b76-42f7-11e1-a1b6-14dae9ebcf89 | asterisk -- SRTP Video Remote Crash Vulnerability
Asterisk project reports:
An attacker attempting to negotiate a secure video stream can
crash Asterisk if video support has not been enabled and the
res_srtp Asterisk module is loaded.
Discovery 2012-01-15 Entry 2012-01-20 Modified 2013-06-19 asterisk18
< 1.8.8.2
asterisk10
< 10.0.1
http://downloads.asterisk.org/pub/security/AST-2012-001.html
|
964c5460-9c66-11ec-ad3a-001999f8d30b | asterisk -- multiple vulnerabilities
The Asterisk project reports:
AST-2022-004 - The header length on incoming STUN
messages that contain an ERROR-CODE attribute is not
properly checked. This can result in an integer underflow.
Note, this requires ICE or WebRTC support to be in use
with a malicious remote party.
AST-2022-005 - When acting as a UAC, and when placing
an outgoing call to a target that then forks Asterisk may
experience undefined behavior (crashes, hangs, etc) after
a dialog set is prematurely freed.
AST-2022-006 - If an incoming SIP message contains a
malformed multi-part body an out of bounds read access
may occur, which can result in undefined behavior. Note,
its currently uncertain if there is any externally
exploitable vector within Asterisk for this issue, but
providing this as a security issue out of caution.
Discovery 2022-03-03 Entry 2022-03-05 asterisk16
< 16.24.1
asterisk18
< 18.10.1
CVE-2021-37706
CVE-2022-23608
CVE-2022-21723
https://downloads.asterisk.org/pub/security/AST-2022-004.html
https://downloads.asterisk.org/pub/security/AST-2022-005.html
https://downloads.asterisk.org/pub/security/AST-2022-006.html
|
6adf6ce0-44a6-11eb-95b7-001999f8d30b | asterisk -- Remote crash in res_pjsip_diversion
The Asterisk project reports:
AST-2020-003: A crash can occur in Asterisk when a SIP
message is received that has a History-Info header, which
contains a tel-uri.
AST-2020-004: A crash can occur in Asterisk when a SIP
181 response is received that has a Diversion header,
which contains a tel-uri.
Discovery 2020-12-02 Entry 2020-12-22 asterisk13
< 13.38.1
asterisk16
< 16.15.1
asterisk18
< 18.1.1
https://downloads.asterisk.org/pub/security/AST-2020-003.html
https://downloads.asterisk.org/pub/security/AST-2020-004.html
|
0c39bafc-6771-11e3-868f-0025905a4771 | asterisk -- multiple vulnerabilities
The Asterisk project reports:
A 16 bit SMS message that contains an odd message length value will
cause the message decoding loop to run forever. The message buffer is
not on the stack but will be overflowed resulting in corrupted memory
and an immediate crash.
External control protocols, such as the Asterisk Manager Interface,
often have the ability to get and set channel variables; this allows
the execution of dialplan functions. Dialplan functions within
Asterisk are incredibly powerful, which is wonderful for building
applications using Asterisk. But during the read or write execution,
certain diaplan functions do much more. For example, reading the SHELL()
function can execute arbitrary commands on the system Asterisk is
running on. Writing to the FILE() function can change any file that
Asterisk has write access to. When these functions are executed from an
external protocol, that execution could result in a privilege escalation.
Discovery 2013-12-16 Entry 2013-12-17 asterisk10
< 10.12.4
asterisk11
< 11.6.1
asterisk18
< 1.8.24.1
CVE-2013-7100
http://downloads.asterisk.org/pub/security/AST-2013-006.pdf
http://downloads.asterisk.org/pub/security/AST-2013-007.pdf
https://www.asterisk.org/security
|
8dd438ed-a338-11ed-b48b-589cfc0f81b0 | Asterisk -- multiple vulnerabilities
The Asterisk project reports:
AST-2022-007: Remote Crash Vulnerability in H323 channel add on
AST-2022-008: Use after free in res_pjsip_pubsub.c
AST-2022-009: GetConfig AMI Action can read files outside of
Asterisk directory
Discovery 2022-12-01 Entry 2023-02-02 asterisk18
< 18.15.1
CVE-2022-37325
CVE-2022-42705
CVE-2022-42706
https://downloads.asterisk.org/pub/security/AST-2022-007.html
https://downloads.asterisk.org/pub/security/AST-2022-008.html
https://downloads.asterisk.org/pub/security/AST-2022-009.html
|
8838abf0-bc47-11ec-b516-0897988a1c07 | Asterisk -- multiple vulnerabilities
The Asterisk project reports:
AST-2022-001 - When using STIR/SHAKEN, its possible
to download files that are not certificates. These files
could be much larger than what you would expect to
download.
AST-2022-002 - When using STIR/SHAKEN, its possible
to send arbitrary requests like GET to interfaces such
as localhost using the Identity header.
Discovery 2022-04-14 Entry 2022-04-14 asterisk16
gt 16.15.0 lt 16.25.2
asterisk18
< 18.11.2
CVE-2022-26498
https://downloads.asterisk.org/pub/security/AST-2022-001.html
CVE-2022-26499
https://downloads.asterisk.org/pub/security/AST-2022-002.html
|
9e8f0766-7d21-11eb-a2be-001999f8d30b | asterisk -- Crash when negotiating T.38 with a zero port
The Asterisk project reports:
When Asterisk sends a re-invite initiating T.38 faxing
and the endpoint responds with a m=image line and zero
port, a crash will occur in Asterisk. This is a reoccurrence
of AST-2019-004.
Discovery 2021-02-20 Entry 2021-03-04 asterisk16
< 16.16.2
asterisk18
< 18.2.2
CVE-2019-15297
https://downloads.asterisk.org/pub/security/AST-2021-006.html
|
53fbffe6-ebf7-11eb-aef1-0897988a1c07 | asterisk -- pjproject/pjsip: crash when SSL socket destroyed during handshake
The Asterisk project reports:
Depending on the timing, it's possible for Asterisk to
crash when using a TLS connection if the underlying socket
parent/listener gets destroyed during the handshake.
Discovery 2021-05-05 Entry 2021-07-23 asterisk13
< 13.38.3
asterisk16
< 16.19.1
asterisk18
< 18.5.1
CVE-2021-32686
https://downloads.asterisk.org/pub/security/AST-2021-009.html
|
29b7f0be-1fb7-11eb-b9d4-001999f8d30b | asterisk -- Outbound INVITE loop on challenge with different nonce
The Asterisk project reports:
If Asterisk is challenged on an outbound INVITE and
the nonce is changed in each response, Asterisk will
continually send INVITEs in a loop. This causes Asterisk
to consume more and more memory since the transaction
will never terminate (even if the call is hung up),
ultimately leading to a restart or shutdown of Asterisk.
Outbound authentication must be configured on the endpoint
for this to occur.
Discovery 2020-11-05 Entry 2020-11-05 asterisk13
< 13.37.1
asterisk16
< 16.14.1
asterisk18
< 18.0.1
https://downloads.asterisk.org/pub/security/AST-2020-002.html
|
fb3455be-ebf6-11eb-aef1-0897988a1c07 | asterisk -- Remote crash when using IAX2 channel driver
The Asterisk project reports:
If the IAX2 channel driver receives a packet that
contains an unsupported media format it can cause a crash
to occur in Asterisk.
Discovery 2021-04-13 Entry 2021-07-23 asterisk13
< 13.38.3
asterisk16
< 16.19.1
asterisk18
< 18.5.1
CVE-2021-32558
https://downloads.asterisk.org/pub/security/AST-2021-008.html
|
bb389137-21fb-11e1-89b4-001ec9578670 | asterisk -- Multiple Vulnerabilities
Asterisk project reports:
It is possible to enumerate SIP usernames when the general and
user/peer NAT settings differ in whether to respond to the port
a request is sent from or the port listed for responses in the
Via header.
When the "automon" feature is enabled in features.conf, it is
possible to send a sequence of SIP requests that cause Asterisk
to dereference a NULL pointer and crash.
Discovery 2011-12-08 Entry 2011-12-09 asterisk18
< 1.8.7.2
asterisk16
< 1.6.2.21
CVE-2011-4597
CVE-2011-4598
http://downloads.asterisk.org/pub/security/AST-2011-013.html
http://downloads.asterisk.org/pub/security/AST-2011-014.html
|
f109b02f-f5a4-11e3-82e9-00a098b18457 | asterisk -- multiple vulnerabilities
The Asterisk project reports:
Asterisk Manager User Unauthorized Shell Access. Manager users can
execute arbitrary shell commands with the MixMonitor manager action.
Asterisk does not require system class authorization for a manager
user to use the MixMonitor action, so any manager user who is
permitted to use manager commands can potentially execute shell
commands as the user executing the Asterisk process.
Exhaustion of Allowed Concurrent HTTP Connections. Establishing a
TCP or TLS connection to the configured HTTP or HTTPS port
respectively in http.conf and then not sending or completing a HTTP
request will tie up a HTTP session. By doing this repeatedly until the
maximum number of open HTTP sessions is reached, legitimate requests
are blocked.
Discovery 2014-06-12 Entry 2014-06-17 asterisk11
< 11.10.1
asterisk18
< 1.8.28.1
CVE-2014-4046
CVE-2014-4047
http://downloads.asterisk.org/pub/security/AST-2014-006.pdf
http://downloads.asterisk.org/pub/security/AST-2014-007.pdf
https://www.asterisk.org/security
|
1bb2826b-7229-11eb-8386-001999f8d30b | asterisk -- Remote Crash Vulnerability in PJSIP channel driver
The Asterisk project reports:
Given a scenario where an outgoing call is placed from
Asterisk to a remote SIP server it is possible for a crash
to occur.
Discovery 2021-02-08 Entry 2021-02-18 asterisk13
< 13.38.2
asterisk16
< 16.16.1
asterisk18
< 18.2.1
CVE-2021-26906
https://downloads.asterisk.org/pub/security/AST-2021-005.html
|
a5de43ed-bc49-11ec-b516-0897988a1c07 | Asterisk -- func_odbc: Possible SQL Injection
The Asterisk project reports:
Some databases can use backslashes to escape certain
characters, such as backticks. If input is provided to
func_odbc which includes backslashes it is possible for
func_odbc to construct a broken SQL query and the SQL
query to fail.
Discovery 2022-04-14 Entry 2022-04-14 asterisk16
< 16.25.2
asterisk18
< 18.11.2
CVE-2022-26651
https://downloads.asterisk.org/pub/security/AST-2022-003.html
|
03159886-a8a3-11e3-8f36-0025905a4771 | asterisk -- multiple vulnerabilities
The Asterisk project reports:
Stack Overflow in HTTP Processing of Cookie Headers. Sending a HTTP
request that is handled by Asterisk with a large number of Cookie
headers could overflow the stack. You could even exhaust memory if you
sent an unlimited number of headers in the request.
Denial of Service Through File Descriptor Exhaustion with chan_sip
Session-Timers. An attacker can use all available file descriptors
using SIP INVITE requests. Asterisk will respond with code 400, 420,
or 422 for INVITEs meeting this criteria.
Each INVITE meeting these conditions will leak a channel and several
file descriptors. The file descriptors cannot be released without
restarting Asterisk which may allow intrusion detection systems to be
bypassed by sending the requests slowly.
Remote Crash Vulnerability in PJSIP channel driver. A remotely
exploitable crash vulnerability exists in the PJSIP channel driver if
the "qualify_frequency" configuration option is enabled on an AOR and
the remote SIP server challenges for authentication of the resulting
OPTIONS request. The response handling code wrongly assumes that a
PJSIP endpoint will always be associated with an outgoing request which
is incorrect.
Discovery 2014-03-10 Entry 2014-03-10 asterisk11
< 11.8.1
asterisk18
< 1.8.26.1
CVE-2014-2286
CVE-2014-2287
CVE-2014-2288
http://downloads.asterisk.org/pub/security/AST-2014-001.pdf
http://downloads.asterisk.org/pub/security/AST-2014-002.pdf
http://downloads.asterisk.org/pub/security/AST-2014-003.pdf
https://www.asterisk.org/security
|
972fe546-1fb6-11eb-b9d4-001999f8d30b | asterisk -- Remote crash in res_pjsip_session
The Asterisk project reports:
Upon receiving a new SIP Invite, Asterisk did not
return the created dialog locked or referenced. This
caused a gap between the creation of the dialog object,
and its next use by the thread that created it. Depending
upon some off nominal circumstances, and timing it was
possible for another thread to free said dialog in this
gap. Asterisk could then crash when the dialog object,
or any of its dependent objects were de-referenced, or
accessed next by the initial creation thread.
Discovery 2020-11-05 Entry 2020-11-05 asterisk13
< 13.37.1
asterisk16
< 16.14.1
asterisk18
< 18.0.1
https://downloads.asterisk.org/pub/security/AST-2020-001.html
|