GCVE - cpe:2.3:a:asterisk:asterisk:a:*:business:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:asterisk:asterisk:a:*:business:*:*:*:*:*

part: a version: a update: *

Vendor	Asterisk (`8cf0208b-fb97-57c9-94a0-6da40e548dcd`)
Product	Asterisk (`95a29321-1bd0-5763-8bc3-5646752cc98c`)
Edition	business
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:deb/debian/asterisk`	purl2cpe	2026-06-01 10:15:22.897547
`pkg:deb/ubuntu/asterisk`	purl2cpe	2026-06-01 10:15:22.897549
`pkg:github/asterisk/asterisk`	purl2cpe	2026-06-01 10:15:22.897550
`pkg:rpm/fedora/asterisk`	purl2cpe	2026-06-01 10:15:22.897551
`pkg:rpm/opensuse/asterisk`	purl2cpe	2026-06-01 10:15:22.897553

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2008-3263`	vulnerable	2026-06-03 14:28:52.880053	Details available The IAX2 protocol implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (call-number exhaustion and CPU consumption) by quickly sending a large number of IAX2 (IAX) POKE requests. Published: 2008-07-22T23:00:00.000Z Updated: 2024-08-07T09:28:41.740Z Open on db.gcve.eu Reference links http://security.gentoo.org/glsa/glsa-200905-01.xml http://www.securityfocus.com/bid/30321 http://secunia.com/advisories/31194 https://exchange.xforce.ibmcloud.com/vulnerabilities/43942 http://www.vupen.com/english/advisories/2008/2168/references	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2008-1332`	vulnerable	2026-06-03 14:28:40.170164	Details available Unspecified vulnerability in Asterisk Open Source 1.2.x before 1.2.27, 1.4.x before 1.4.18.1 and 1.4.19-rc3; Business Edition A.x.x, B.x.x before B.2.5.1, and C.x.x before C.1.6.2; AsteriskNOW 1.0.x before 1.0.2; Appliance Developer Kit before 1.4 revision 109393; and s800i 1.0.x before 1.1.0.2; allows remote attackers to access the SIP channel driver via a crafted From header. Published: 2008-03-20T00:00:00.000Z Updated: 2024-08-07T08:17:34.472Z Open on db.gcve.eu Reference links http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html http://secunia.com/advisories/29782 http://security.gentoo.org/glsa/glsa-200804-13.xml http://downloads.digium.com/pub/security/AST-2008-003.html http://www.securityfocus.com/bid/28310	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2007-3765`	vulnerable	2026-06-03 14:28:16.977008	Details available The STUN implementation in Asterisk 1.4.x before 1.4.8, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted STUN length attribute in a STUN packet sent on an RTP port. Published: 2007-07-18T17:00:00.000Z Updated: 2024-08-07T14:28:52.295Z Open on db.gcve.eu Reference links http://secunia.com/advisories/26099 http://www.securityfocus.com/bid/24950 http://www.securitytracker.com/id?1018407 http://ftp.digium.com/pub/asa/ASA-2007-017.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/35480	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2007-3764`	vulnerable	2026-06-03 14:28:16.975656	Details available The Skinny channel driver (chan_skinny) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a certain data length value in a crafted packet, which results in an "overly large memcpy." Published: 2007-07-18T17:00:00.000Z Updated: 2024-08-07T14:28:52.239Z Open on db.gcve.eu Reference links http://secunia.com/advisories/26099 http://www.securityfocus.com/bid/24950 http://www.securitytracker.com/id?1018407 http://security.gentoo.org/glsa/glsa-200802-11.xml http://secunia.com/advisories/29051	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2007-3763`	vulnerable	2026-06-03 14:28:16.974540	Details available The IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted (1) LAGRQ or (2) LAGRP frame that contains information elements of IAX frames, which results in a NULL pointer dereference when Asterisk does not properly set an associated variable. Published: 2007-07-18T17:00:00.000Z Updated: 2024-08-07T14:28:52.493Z Open on db.gcve.eu Reference links http://ftp.digium.com/pub/asa/ASA-2007-015.pdf http://secunia.com/advisories/26099 http://www.securityfocus.com/bid/24950 http://www.securitytracker.com/id?1018407 http://security.gentoo.org/glsa/glsa-200802-11.xml	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2007-3762`	vulnerable	2026-06-03 14:28:16.966895	Details available Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to execute arbitrary code by sending a long (1) voice or (2) video RTP frame. Published: 2007-07-18T17:00:00.000Z Updated: 2024-08-07T14:28:52.292Z Open on db.gcve.eu Reference links https://exchange.xforce.ibmcloud.com/vulnerabilities/35466 http://secunia.com/advisories/26099 http://www.securitytracker.com/id?1018407 http://security.gentoo.org/glsa/glsa-200802-11.xml http://secunia.com/advisories/29051	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.