GCVE - cpe:2.3:a:asterisk:asterisk:1.2.16:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:asterisk:asterisk:1.2.16:*:*:*:*:*:*:*

part: a version: 1.2.16 update: *

Vendor	Asterisk (`8cf0208b-fb97-57c9-94a0-6da40e548dcd`)
Product	Asterisk (`95a29321-1bd0-5763-8bc3-5646752cc98c`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:deb/debian/asterisk`	purl2cpe	2026-06-01 10:15:22.726679
`pkg:deb/ubuntu/asterisk`	purl2cpe	2026-06-01 10:15:22.726681
`pkg:github/asterisk/asterisk`	purl2cpe	2026-06-01 10:15:22.726682
`pkg:rpm/fedora/asterisk`	purl2cpe	2026-06-01 10:15:22.726684
`pkg:rpm/opensuse/asterisk`	purl2cpe	2026-06-01 10:15:22.726685

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2008-3263`	vulnerable	2026-06-03 14:28:52.858068	Details available The IAX2 protocol implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (call-number exhaustion and CPU consumption) by quickly sending a large number of IAX2 (IAX) POKE requests. Published: 2008-07-22T23:00:00.000Z Updated: 2024-08-07T09:28:41.740Z Open on db.gcve.eu Reference links http://security.gentoo.org/glsa/glsa-200905-01.xml http://www.securityfocus.com/bid/30321 http://secunia.com/advisories/31194 https://exchange.xforce.ibmcloud.com/vulnerabilities/43942 http://www.vupen.com/english/advisories/2008/2168/references	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2007-3765`	vulnerable	2026-06-03 14:28:16.976914	Details available The STUN implementation in Asterisk 1.4.x before 1.4.8, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted STUN length attribute in a STUN packet sent on an RTP port. Published: 2007-07-18T17:00:00.000Z Updated: 2024-08-07T14:28:52.295Z Open on db.gcve.eu Reference links http://secunia.com/advisories/26099 http://www.securityfocus.com/bid/24950 http://www.securitytracker.com/id?1018407 http://ftp.digium.com/pub/asa/ASA-2007-017.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/35480	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2007-3764`	vulnerable	2026-06-03 14:28:16.975560	Details available The Skinny channel driver (chan_skinny) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a certain data length value in a crafted packet, which results in an "overly large memcpy." Published: 2007-07-18T17:00:00.000Z Updated: 2024-08-07T14:28:52.239Z Open on db.gcve.eu Reference links http://secunia.com/advisories/26099 http://www.securityfocus.com/bid/24950 http://www.securitytracker.com/id?1018407 http://security.gentoo.org/glsa/glsa-200802-11.xml http://secunia.com/advisories/29051	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2007-3763`	vulnerable	2026-06-03 14:28:16.974443	Details available The IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted (1) LAGRQ or (2) LAGRP frame that contains information elements of IAX frames, which results in a NULL pointer dereference when Asterisk does not properly set an associated variable. Published: 2007-07-18T17:00:00.000Z Updated: 2024-08-07T14:28:52.493Z Open on db.gcve.eu Reference links http://ftp.digium.com/pub/asa/ASA-2007-015.pdf http://secunia.com/advisories/26099 http://www.securityfocus.com/bid/24950 http://www.securitytracker.com/id?1018407 http://security.gentoo.org/glsa/glsa-200802-11.xml	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2007-3762`	vulnerable	2026-06-03 14:28:16.963745	Details available Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to execute arbitrary code by sending a long (1) voice or (2) video RTP frame. Published: 2007-07-18T17:00:00.000Z Updated: 2024-08-07T14:28:52.292Z Open on db.gcve.eu Reference links https://exchange.xforce.ibmcloud.com/vulnerabilities/35466 http://secunia.com/advisories/26099 http://www.securitytracker.com/id?1018407 http://security.gentoo.org/glsa/glsa-200802-11.xml http://secunia.com/advisories/29051	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2007-2297`	vulnerable	2026-06-03 14:28:07.914897	Details available The SIP channel driver (chan_sip) in Asterisk before 1.2.18 and 1.4.x before 1.4.3 does not properly parse SIP UDP packets that do not contain a valid response code, which allows remote attackers to cause a denial of service (crash). Published: 2007-04-26T20:00:00.000Z Updated: 2024-08-07T13:33:28.286Z Open on db.gcve.eu Reference links http://www.asterisk.org/files/ASA-2007-011.pdf http://bugs.digium.com/view.php?id=9313 http://www.novell.com/linux/security/advisories/2007_34_asterisk.html http://www.securitytracker.com/id?1017954 http://www.securityfocus.com/bid/24359	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2007-2294`	vulnerable	2026-06-03 14:28:07.907972	Details available The Manager Interface in Asterisk before 1.2.18 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (crash) by using MD5 authentication to authenticate a user that does not have a password defined in manager.conf, resulting in a NULL pointer dereference. Published: 2007-04-26T20:00:00.000Z Updated: 2024-08-07T13:33:28.299Z Open on db.gcve.eu Reference links http://www.vupen.com/english/advisories/2007/1534 http://www.securitytracker.com/id?1017955 http://www.novell.com/linux/security/advisories/2007_34_asterisk.html http://www.osvdb.org/35369 http://securityreason.com/securityalert/2646	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2007-1594`	vulnerable	2026-06-03 14:28:06.196413	Details available The handle_response function in chan_sip.c in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP Response code 0 in a SIP packet. Published: 2007-03-22T23:00:00.000Z Updated: 2024-08-07T12:59:08.987Z Open on db.gcve.eu Reference links http://svn.digium.com/view/asterisk/trunk/channels/chan_sip.c?r1=58907&r2=59038 http://www.securityfocus.com/bid/23093 http://www.vupen.com/english/advisories/2007/1077 http://bugs.digium.com/view.php?id=9313 http://www.securitytracker.com/id?1017809	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2007-1561`	vulnerable	2026-06-03 14:28:05.926591	Details available The channel driver in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP INVITE message with an SDP containing one valid and one invalid IP address. Published: 2007-03-21T19:00:00.000Z Updated: 2024-08-07T12:59:08.721Z Open on db.gcve.eu Reference links http://www.securitytracker.com/id?1017794 http://marc.info/?l=full-disclosure&m=117432783011737&w=2 http://secunia.com/advisories/24564 http://asterisk.org/node/48339 http://www.novell.com/linux/security/advisories/2007_34_asterisk.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.