Digium Certified Asterisk 13.1.0 Release Candidate 2
Approved changes feed: RSS · Atom
cpe:2.3:a:digium:certified_asterisk:13.1.0:rc2:*:*:*:*:*:*
part: a version: 13.1.0 update: rc2
| Vendor | Digium (05ad29b7-5b41-56d5-935d-a279ab7f14bc) |
|---|---|
| Product | Certified Asterisk (28acf01c-dbb1-5902-9616-b4c28682b220) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:asterisk/telephony/certified-asterisk |
purl2cpe | 2026-06-01 10:15:42.007734 |
pkg:github/asterisk/asterisk |
purl2cpe | 2026-06-01 10:15:42.007735 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2019-13161 |
vulnerable | 2026-06-08 05:12:41.121709 |
Details available
An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x through 15.7.2, and 16.x through 16.4.0, and Certified Asterisk through 13.21-cert3. A pointer dereference in chan_sip while handling SDP negotiation allows an attacker to crash Asterisk when handling an SDP answer to an outgoing T.38 re-invite. To exploit this vulnerability an attacker must cause the chan_sip module to send a T.38 re-invite request to them. Upon receipt, the attacker must send an SDP answer containing both a T.38 UDPTL stream and another media stream containing only a codec (which is not permitted according to the chan_sip configuration).
Published: 2019-07-12T19:24:37.000Z
Updated: 2024-08-04T23:41:10.494Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-17850 |
vulnerable | 2026-06-08 05:09:10.021955 |
Details available
An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and the PJSIP channel driver was used, Asterisk would crash. The severity of this vulnerability is somewhat mitigated if authentication is enabled. If authentication is enabled, a user would have to first be authorized before reaching the crash point.
Published: 2017-12-23T00:00:00.000Z
Updated: 2024-08-05T21:06:49.280Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2016-2316 |
vulnerable | 2026-06-08 05:07:34.130284 |
Details available
chan_sip in Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3, when the timert1 sip.conf configuration is set to a value greater than 1245, allows remote attackers to cause a denial of service (file descriptor consumption) via vectors related to large retransmit timeout values.
Published: 2016-02-22T15:05:00.000Z
Updated: 2024-08-05T23:24:48.520Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2016-2232 |
vulnerable | 2026-06-08 05:07:33.882163 |
Details available
Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3 allow remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a zero length error correcting redundancy packet for a UDPTL FAX packet that is lost.
Published: 2016-02-22T15:05:00.000Z
Updated: 2024-08-05T23:24:48.950Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.