GCVE - cpe:2.3:a:digium:certified_asterisk:13.13.0:cert1

Approved changes feed: RSS · Atom

cpe:2.3:a:digium:certified_asterisk:13.13.0:cert1_rc4:*:*:*:*:*:*

part: a version: 13.13.0 update: cert1_rc4

Vendor	Digium (`05ad29b7-5b41-56d5-935d-a279ab7f14bc`)
Product	Certified Asterisk (`28acf01c-dbb1-5902-9616-b4c28682b220`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:asterisk/telephony/certified-asterisk`	purl2cpe	2026-06-01 10:15:42.007784
`pkg:github/asterisk/asterisk`	purl2cpe	2026-06-01 10:15:42.007786

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2017-16672`	vulnerable	2026-06-08 05:09:00.716858	Details available An issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. A memory leak occurs when an Asterisk pjsip session object is created and that call gets rejected before the session itself is fully established. When this happens the session object never gets destroyed. Eventually Asterisk can run out of memory and crash. Published: 2017-11-09T00:00:00.000Z Updated: 2024-08-05T20:35:19.786Z Open on db.gcve.eu Reference links http://downloads.digium.com/pub/security/AST-2017-011.html http://www.securityfocus.com/bid/101765 https://issues.asterisk.org/jira/browse/ASTERISK-27345 https://security.gentoo.org/glsa/201811-11 https://www.debian.org/security/2017/dsa-4076	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-16671`	vulnerable	2026-06-08 05:09:00.713551	Details available A Buffer Overflow issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. No size checking is done when setting the user field for Party B on a CDR. Thus, it is possible for someone to use an arbitrarily large string and write past the end of the user field storage buffer. NOTE: this is different from CVE-2017-7617, which was only about the Party A buffer. Published: 2017-11-09T00:00:00.000Z Updated: 2024-08-05T20:35:19.933Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/101760 http://downloads.digium.com/pub/security/AST-2017-010.html https://security.gentoo.org/glsa/201811-11 https://www.debian.org/security/2017/dsa-4076 https://issues.asterisk.org/jira/browse/ASTERISK-27337	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Digium Certified Asterisk 13.13.0 Cert1 Release Candidate 4

PURL mappings

Vulnerability references

Contribute