GCVE - cpe:2.3:a:asterisk:open_source:1.0.2:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:asterisk:open_source:1.0.2:*:*:*:*:*:*:*

part: a version: 1.0.2 update: *

Vendor	Asterisk (`8cf0208b-fb97-57c9-94a0-6da40e548dcd`)
Product	Open Source (`8a2c0991-ed09-534c-8225-148908a50b94`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:deb/debian/asterisk`	purl2cpe	2026-06-01 10:15:23.013987
`pkg:deb/ubuntu/asterisk`	purl2cpe	2026-06-01 10:15:23.013989
`pkg:github/asterisk/asterisk`	purl2cpe	2026-06-01 10:15:23.013990
`pkg:rpm/fedora/asterisk`	purl2cpe	2026-06-01 10:15:23.013992
`pkg:rpm/opensuse/asterisk`	purl2cpe	2026-06-01 10:15:23.013993

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2008-3264`	vulnerable	2026-06-03 14:28:52.910667	Details available The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (traffic amplification) via an IAX2 FWDOWNL request. Published: 2008-07-24T15:18:00.000Z Updated: 2024-08-07T09:28:41.869Z Open on db.gcve.eu Reference links http://www.securitytracker.com/id?1020536 http://security.gentoo.org/glsa/glsa-200905-01.xml http://secunia.com/advisories/31194 http://www.vupen.com/english/advisories/2008/2168/references http://downloads.digium.com/pub/security/AST-2008-011.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2008-2119`	vulnerable	2026-06-03 14:28:43.362074	Details available Asterisk Open Source 1.0.x and 1.2.x before 1.2.29 and Business Edition A.x.x and B.x.x before B.2.5.3, when pedantic parsing (aka pedanticsipchecking) is enabled, allows remote attackers to cause a denial of service (daemon crash) via a SIP INVITE message that lacks a From header, related to invocations of the ast_uri_decode function, and improper handling of (1) an empty const string and (2) a NULL pointer. Published: 2008-06-04T19:17:00.000Z Updated: 2024-08-07T08:49:58.663Z Open on db.gcve.eu Reference links http://security.gentoo.org/glsa/glsa-200905-01.xml http://secunia.com/advisories/30517 https://www.exploit-db.com/exploits/5749 https://exchange.xforce.ibmcloud.com/vulnerabilities/42823 http://bugs.digium.com/view.php?id=12607	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2008-1923`	vulnerable	2026-06-03 14:28:42.604506	Details available The IAX2 channel driver (chan_iax2) in Asterisk 1.2 before revision 72630 and 1.4 before revision 65679, when configured to allow unauthenticated calls, sends "early audio" to an unverified source IP address of a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed NEW message. Published: 2008-04-23T16:00:00.000Z Updated: 2024-08-07T08:41:00.169Z Open on db.gcve.eu Reference links https://exchange.xforce.ibmcloud.com/vulnerabilities/42049 http://downloads.digium.com/pub/security/AST-2008-006.html http://bugs.digium.com/view.php?id=10078 http://www.altsci.com/concepts/page.php?s=asteri&p=1	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2008-1897`	vulnerable	2026-06-03 14:28:42.479685	Details available The IAX2 channel driver (chan_iax2) in Asterisk Open Source 1.0.x, 1.2.x before 1.2.28, and 1.4.x before 1.4.19.1; Business Edition A.x.x, B.x.x before B.2.5.2, and C.x.x before C.1.8.1; AsteriskNOW before 1.0.3; Appliance Developer Kit 0.x.x; and s800i before 1.1.0.3, when configured to allow unauthenticated calls, does not verify that an ACK response contains a call number matching the server's reply to a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed ACK response that does not complete a 3-way handshake. NOTE: this issue exists because of an incomplete fix for CVE-2008-1923. Published: 2008-04-23T00:00:00.000Z Updated: 2024-08-07T08:40:59.845Z Open on db.gcve.eu Reference links http://security.gentoo.org/glsa/glsa-200905-01.xml http://secunia.com/advisories/29927 https://exchange.xforce.ibmcloud.com/vulnerabilities/41966 http://www.securityfocus.com/bid/28901 http://secunia.com/advisories/30010	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2008-1332`	vulnerable	2026-06-03 14:28:40.187497	Details available Unspecified vulnerability in Asterisk Open Source 1.2.x before 1.2.27, 1.4.x before 1.4.18.1 and 1.4.19-rc3; Business Edition A.x.x, B.x.x before B.2.5.1, and C.x.x before C.1.6.2; AsteriskNOW 1.0.x before 1.0.2; Appliance Developer Kit before 1.4 revision 109393; and s800i 1.0.x before 1.1.0.2; allows remote attackers to access the SIP channel driver via a crafted From header. Published: 2008-03-20T00:00:00.000Z Updated: 2024-08-07T08:17:34.472Z Open on db.gcve.eu Reference links http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html http://secunia.com/advisories/29782 http://security.gentoo.org/glsa/glsa-200804-13.xml http://downloads.digium.com/pub/security/AST-2008-003.html http://www.securityfocus.com/bid/28310	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.