GCVE - cpe:2.3:a:asterisk:asterisk:1.4.6:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:asterisk:asterisk:1.4.6:*:*:*:*:*:*:*

part: a version: 1.4.6 update: *

Vendor	Asterisk (`8cf0208b-fb97-57c9-94a0-6da40e548dcd`)
Product	Asterisk (`95a29321-1bd0-5763-8bc3-5646752cc98c`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:deb/debian/asterisk`	purl2cpe	2026-06-01 10:15:22.804094
`pkg:deb/ubuntu/asterisk`	purl2cpe	2026-06-01 10:15:22.804095
`pkg:github/asterisk/asterisk`	purl2cpe	2026-06-01 10:15:22.804097
`pkg:rpm/fedora/asterisk`	purl2cpe	2026-06-01 10:15:22.804098
`pkg:rpm/opensuse/asterisk`	purl2cpe	2026-06-01 10:15:22.804100

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2008-3263`	vulnerable	2026-06-03 14:28:52.869725	Details available The IAX2 protocol implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (call-number exhaustion and CPU consumption) by quickly sending a large number of IAX2 (IAX) POKE requests. Published: 2008-07-22T23:00:00.000Z Updated: 2024-08-07T09:28:41.740Z Open on db.gcve.eu Reference links http://security.gentoo.org/glsa/glsa-200905-01.xml http://www.securityfocus.com/bid/30321 http://secunia.com/advisories/31194 https://exchange.xforce.ibmcloud.com/vulnerabilities/43942 http://www.vupen.com/english/advisories/2008/2168/references	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2008-1390`	vulnerable	2026-06-03 14:28:40.591814	Details available The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses. Published: 2008-03-24T17:00:00.000Z Updated: 2024-08-07T08:17:34.588Z Open on db.gcve.eu Reference links http://securityreason.com/securityalert/3764 http://www.securityfocus.com/bid/28316 http://www.securityfocus.com/archive/1/489819/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/41304 http://secunia.com/advisories/29449	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2007-4521`	vulnerable	2026-06-03 14:28:18.627542	Details available Asterisk Open Source 1.4.5 through 1.4.11, when configured to use an IMAP voicemail storage backend, allows remote attackers to cause a denial of service via an e-mail with an "invalid/corrupted" MIME body, which triggers a crash when the recipient listens to voicemail. Published: 2007-08-28T01:00:00.000Z Updated: 2024-08-07T15:01:09.606Z Open on db.gcve.eu Reference links http://secunia.com/advisories/26601 http://www.securitytracker.com/id?1018606 http://downloads.digium.com/pub/asa/AST-2007-021.html http://www.securityfocus.com/archive/1/477729/100/0/threaded http://secunia.com/advisories/26602	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.