Asterisk Project Security Advisory - AST-2022-003
Product Asterisk
Summary func_odbc: Possible SQL Injection
Nature of Advisory SQL injection
Asterisk Project Security Advisory - AST-2022-002
Product Asterisk
Summary res_stir_shaken: SSRF vulnerability with Identity header
Asterisk Project Security Advisory - AST-2022-001
Product Asterisk
Summary res_stir_shaken: resource exhaustion with large files
Asterisk Project Security Advisory - AST-2022-006
Product Asterisk
Summary pjproject: unconstrained malformed multipart SIP message
Asterisk Project Security Advisory - AST-2022-005
Product Asterisk
Summary pjproject: undefined behavior after freeing a dialog set
Asterisk Project Security Advisory - AST-2022-004
Product Asterisk
Summary pjproject: possible integer underflow on STUN message
Asterisk Project Security Advisory - AST-2021-009
Product Asterisk
Summary pjproject/pjsip: crash when SSL socket destroyed during handshake
Asterisk Project Security Advisory - AST-2021-008
Product Asterisk
Summary Remote crash when using IAX2 channel driver
Nature of Advisory Denial of service
Asterisk Project Security Advisory - AST-2021-007
Product Asterisk
Summary Remote Crash Vulnerability in PJSIP channel driver
Nature of Advisory Denial of Service
Asterisk Project Security Advisory - AST-2021-006
Product Asterisk
Summary Crash when negotiating T.38 with a zero port
Nature of Advisory Remote Crash
Asterisk Project Security Advisory - AST-2021-005
Product Asterisk
Summary Remote Crash Vulnerability in PJSIP channel driver
Nature of Advisory Denial of Service
Asterisk Project Security Advisory - AST-2021-004
Product Asterisk
Summary An unsuspecting user could crash Asterisk with multiple hold/unhold requests
Asterisk Project Security Advisory - AST-2021-003
Product Asterisk
Summary Remote attacker could prematurely tear down SRTP calls
Asterisk Project Security Advisory - AST-2021-002
Product Asterisk
Summary Remote crash possible when negotiating T.38
Nature of Advisory Denial of service
Asterisk Project Security Advisory - AST-2021-001
Product Asterisk
Summary Remote crash in res_pjsip_diversion
Nature of Advisory Denial of service
Asterisk Project Security Advisory - AST-2020-004
Product Asterisk
Summary Remote crash in res_pjsip_diversion
Nature of Advisory Denial of service
Asterisk Project Security Advisory - AST-2020-003
Product Asterisk
Summary Remote crash in res_pjsip_diversion
Nature of Advisory Denial of service
Asterisk Project Security Advisory - AST-2020-002
Product Asterisk
Summary Outbound INVITE loop on challenge with different nonce.
Asterisk Project Security Advisory - AST-2020-001
Product Asterisk
Summary Remote crash in res_pjsip_session
Nature of Advisory Denial of service
Asterisk Project Security Advisory -
Product Asterisk
Summary Re-invite with T.38 and malformed SDP causes crash.
Nature of Advisory Remote Crash
Asterisk Project Security Advisory - AST-2019-007
Product Asterisk
Summary AMI user could execute system commands.
Nature of Advisory Remote Code Execution
Asterisk Project Security Advisory - AST-2019-006
Product Asterisk
Summary SIP request can change address of a SIP peer.
Nature of Advisory Denial of Service
Asterisk Project Security Advisory - AST-2019-005
Product Asterisk
Summary Remote Crash Vulnerability in audio transcoding
Nature of Advisory Denial of Service
Asterisk Project Security Advisory - AST-2019-004
Product Asterisk
Summary Crash when negotiating for T.38 with a declined stream
Asterisk Project Security Advisory - AST-2019-003
Product Asterisk
Summary Remote Crash Vulnerability in chan_sip channel driver
Asterisk Project Security Advisory - AST-2019-002
Product Asterisk
Summary Remote crash vulnerability with MESSAGE messages
Nature of Advisory Denial Of Service
Asterisk Project Security Advisory - AST-2019-001
Product Asterisk
Summary Remote crash vulnerability with SDP protocol violation
Asterisk Project Security Advisory - AST-2018-010
Product Asterisk
Summary Remote crash vulnerability DNS SRV and NAPTR lookups
Nature of Advisory Denial Of Service
Asterisk Project Security Advisory - AST-2018-010
Product Asterisk
Remote crash vulnerability DNS SRV and NAPTR lookups
Nature of Advisory Denial Of Service
Asterisk Project Security Advisory - AST-2018-009
Product Asterisk
Summary Remote crash vulnerability in HTTP websocket upgrade
Nature of Advisory Denial Of Service
Asterisk Project Security Advisory - AST-2018-008
Product Asterisk
Summary PJSIP endpoint presence disclosure when using ACL
Nature of Advisory Unauthorized data disclosure
Asterisk Project Security Advisory - AST-2018-007
Product Asterisk
Summary Infinite loop when reading iostreams
Nature of Advisory Denial of Service
Asterisk Project Security Advisory - AST-2018-006
Product Asterisk
Summary WebSocket frames with 0 sized payload causes DoS
Nature of Advisory Denial of Service
Asterisk Project Security Advisory - AST-2018-005
Product Asterisk
Summary Crash when large numbers of TCP connections are closed suddenly
Asterisk Project Security Advisory - AST-2018-004
Product Asterisk
Summary Crash when receiving SUBSCRIBE request
Nature of Advisory Remote Crash
Asterisk Project Security Advisory - AST-2018-003
Product Asterisk
Summary Crash with an invalid SDP fmtp attribute
Nature of Advisory Remote crash
Asterisk Project Security Advisory - AST-2018-002
Product Asterisk
Summary Crash when given an invalid SDP media format description
Asterisk Project Security Advisory - AST-2018-001
Product Asterisk
Summary Crash when receiving unnegotiated dynamic payload
Nature of Advisory Remote Crash
Asterisk Project Security Advisory - AST-2017-014
Product Asterisk
Summary Crash in PJSIP resource when missing a contact header
Asterisk Project Security Advisory - AST-2017-012
Product Asterisk
Summary Remote Crash Vulnerability in RTCP Stack
Nature of Advisory Denial of Service
Asterisk Project Security Advisory - AST-2017-013
Product Asterisk
Summary DOS Vulnerability in Asterisk chan_skinny
Nature of Advisory Denial of Service
The Asterisk Development Team has announced security releases for
Certified Asterisk 13.13 and Asterisk 13, 14 and 15. The available
security releases are released as versions 13.13-cert8, 13.18.3,
14.7.3 and 15.1.3.
These releases are available for immediate download at
http://downloads.asterisk
Asterisk Project Security Advisory - AST-2017-011
Product Asterisk
Summary Memory leak in pjsip session resource
Nature of Advisory Memory leak
Asterisk Project Security Advisory - AST-2017-010
Product Asterisk
Summary Buffer overflow in CDR's set user
Nature of Advisory Buffer Overflow
Asterisk Project Security Advisory - AST-2017-009
Product Asterisk
Summary Buffer overflow in pjproject header parsing can cause crash in Asterisk
Asterisk Project Security Advisory - AST-2017-008
Product Asterisk
Summary RTP/RTCP information leak
Nature of Advisory Unauthorized data disclosure
Asterisk Project Security Advisory - AST-2017-006
Product Asterisk
Summary Shell access command injection in app_minivm
Nature of Advisory Unauthorized command execution
Asterisk Project Security Advisory - AST-2017-005
Product Asterisk
Summary Media takeover in RTP stack
Nature of Advisory Unauthorized data disclosure
Asterisk Project Security Advisory - AST-2017-007
Product Asterisk
Summary Remote Crash Vulnerability in res_pjsip
Nature of Advisory Denial of Service
Asterisk Project Security Advisory - AST-2017-004
Product Asterisk
Summary Memory exhaustion on short SCCP packets
Nature of Advisory Denial of Service
Asterisk Project Security Advisory - AST-2017-003
Product Asterisk
Summary Crash in PJSIP multi-part body parser
Nature of Advisory Remote Crash
Asterisk Project Security Advisory - AST-2017-002
Product Asterisk
Summary Buffer Overrun in PJSIP transaction layer
Nature of Advisory Buffer Overrun/Crash
Asterisk Project Security Advisory - AST-2017-001
Product Asterisk
Summary Buffer overflow in CDR's set user
Nature of Advisory Buffer Overflow
Asterisk Project Security Advisory - AST-2016-008
Product Asterisk
Summary Crash on SDP offer or answer from endpoint using Opus
Asterisk Project Security Advisory - ASTERISK-2016-009
Product Asterisk
Summary
Nature of Advisory Authentication Bypass
Susceptibility Remote unauthenticated
On September 8, the Asterisk development team released the AST-2016-007
security advisory. The security advisory involved an RTP resource
exhaustion that could be targeted due to a flaw in the "allowoverlap"
option of chan_sip. Due to new information presented to us by Walter
Doekes, we have made t
Asterisk Project Security Advisory - AST-2016-007
Product Asterisk
Summary RTP Resource Exhaustion
Nature of Advisory Denial of Service
Asterisk Project Security Advisory - AST-2016-006
Product Asterisk
Summary Crash on ACK from unknown endpoint
Nature of Advisory Remote Crash
Asterisk Project Security Advisory - AST-2016-005
Product Asterisk
Summary TCP denial of service in PJProject
Nature of Advisory Crash/Denial of Service
Asterisk Project Security Advisory - AST-2016-004
Product Asterisk
Summary Long Contact URIs in REGISTER requests can crash Asterisk
Asterisk Project Security Advisory - AST-2016-003
Product Asterisk
Summary Remote crash vulnerability when receiving UDPTL FAX data.
Asterisk Project Security Advisory - AST-2016-001
Product Asterisk
Summary BEAST vulnerability in HTTP server
Nature of Advisory Unauthorized data disclosure due to
Asterisk Project Security Advisory - AST-2016-002
Product Asterisk
Summary File descriptor exhaustion in chan_sip
Nature of Advisory Denial of Service
Asterisk Project Security Advisory - AST-2015-003
Product Asterisk
Summary TLS Certificate Common name NULL byte exploit
Nature of Advisory Man in the Middle Attack
Asterisk Project Security Advisory - AST-2015-001
Product Asterisk
Summary File descriptor leak when incompatible codecs are offered
Asterisk Project Security Advisory - AST-2015-002
Product Asterisk
Summary Mitigation for libcURL HTTP request injection vulnerability
Asterisk Project Security Advisory - AST-2014-019
Product Asterisk
Summary Remote Crash Vulnerability in WebSocket Server
Nature of Advisory Denial of Service
Asterisk Project Security Advisory - AST-2014-017
Product Asterisk
Summary Permission escalation through ConfBridge actions/dialplan functions
Asterisk Project Security Advisory - AST-2014-018
Product Asterisk
Summary AMI permission escalation through DB dialplan function
Asterisk Project Security Advisory - AST-2014-016
Product Asterisk
Summary Remote Crash Vulnerability in PJSIP channel driver
Nature of Advisory Denial of Service
Asterisk Project Security Advisory - AST-2014-015
Product Asterisk
Summary Remote Crash Vulnerability in PJSIP channel driver
Nature of Advisory Denial of Service
Asterisk Project Security Advisory - AST-2014-013
Product Asterisk
Summary PJSIP ACLs are not loaded on startup
Nature of Advisory Unauthorized Access
Asterisk Project Security Advisory - AST-2014-014
Product Asterisk
Summary High call load may result in hung channels in ConfBridge.
Asterisk Project Security Advisory - AST-2014-012
Product Asterisk
Summary Mixed IP address families in access control lists may permit unwanted traffic.
Asterisk Project Security Advisory - AST-2014-011
Product Asterisk
Summary Asterisk Susceptibility to POODLE Vulnerability
Nature of Advisory Unauthorized Data Disclosure
Asterisk Project Security Advisory - AST-2014-010
Product Asterisk
Summary Remote crash when handling out of call message in certain dialplan configurations
Asterisk Project Security Advisory - AST-2014-009
Product Asterisk
Summary Remote crash based on malformed SIP subscription requests
Asterisk Project Security Advisory - AST-2014-008
Product Asterisk
Summary Denial of Service in PJSIP Channel Driver Subscriptions
Asterisk Project Security Advisory - AST-2014-007
Product Asterisk
Summary Exhaustion of Allowed Concurrent HTTP Connections
Nature of Advisory Denial Of Service
Asterisk Project Security Advisory - AST-2014-006
Product Asterisk
Summary Asterisk Manager User Unauthorized Shell Access
Nature of Advisory Permission Escalation
Asterisk Project Security Advisory - AST-2014-005
Product Asterisk
Summary Remote Crash in PJSIP Channel Driver's Publish/Subscribe Framework
Asterisk Project Security Advisory - AST-2014-003
Product Asterisk
Summary Remote Crash Vulnerability in PJSIP channel driver
Nature of Advisory Denial of Service
Asterisk Project Security Advisory - AST-2014-004
Product Asterisk
Summary Remote Crash Vulnerability in PJSIP Channel Driver Subscription Handling
Asterisk Project Security Advisory - AST-2014-002
Product Asterisk
Summary Denial of Service Through File Descriptor Exhaustion with chan_sip Session-Timers
Asterisk Project Security Advisory - AST-2014-001
Product Asterisk
Summary Stack Overflow in HTTP Processing of Cookie Headers.
Nature of Advisory Denial Of Service
Asterisk Project Security Advisory - AST-2013-007
Product Asterisk
Summary Asterisk Manager User Dialplan Permission Escalation
Nature of Advisory Permission Escalation
Asterisk Project Security Advisory - AST-2013-006
Product Asterisk
Summary Buffer Overflow when receiving odd length 16 bit SMS message
Asterisk Project Security Advisory - AST-2008-001
Product Asterisk
Asterisk Project Security Advisory - AST-2007-026
Product Asterisk
Asterisk Project Security Advisory - AST-2007-025
Product Asterisk
The Asterisk.org development team has released Asterisk versions 1.4.15 and
1.2.25. These releases contain two fixes for security issues.
http://downloads.digium.com/pub/asa/AST-2007-025.pdf
* This is a SQL injection vulnerability in the res_config_pgsql module.
Default installations of Asterisk
91 matches