GCVE - cpe:2.3:a:asterisk:open_source:1.0.3.4:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:asterisk:open_source:1.0.3.4:*:*:*:*:*:*:*

part: a version: 1.0.3.4 update: *

Vendor	Asterisk (`8cf0208b-fb97-57c9-94a0-6da40e548dcd`)
Product	Open Source (`8a2c0991-ed09-534c-8225-148908a50b94`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:deb/debian/asterisk`	purl2cpe	2026-06-01 10:15:23.034923
`pkg:deb/ubuntu/asterisk`	purl2cpe	2026-06-01 10:15:23.034925
`pkg:github/asterisk/asterisk`	purl2cpe	2026-06-01 10:15:23.034926
`pkg:rpm/fedora/asterisk`	purl2cpe	2026-06-01 10:15:23.034928
`pkg:rpm/opensuse/asterisk`	purl2cpe	2026-06-01 10:15:23.034929

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2008-3264`	vulnerable	2026-06-03 14:28:52.911631	Details available The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (traffic amplification) via an IAX2 FWDOWNL request. Published: 2008-07-24T15:18:00.000Z Updated: 2024-08-07T09:28:41.869Z Open on db.gcve.eu Reference links http://www.securitytracker.com/id?1020536 http://security.gentoo.org/glsa/glsa-200905-01.xml http://secunia.com/advisories/31194 http://www.vupen.com/english/advisories/2008/2168/references http://downloads.digium.com/pub/security/AST-2008-011.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2008-1897`	vulnerable	2026-06-03 14:28:42.479733	Details available The IAX2 channel driver (chan_iax2) in Asterisk Open Source 1.0.x, 1.2.x before 1.2.28, and 1.4.x before 1.4.19.1; Business Edition A.x.x, B.x.x before B.2.5.2, and C.x.x before C.1.8.1; AsteriskNOW before 1.0.3; Appliance Developer Kit 0.x.x; and s800i before 1.1.0.3, when configured to allow unauthenticated calls, does not verify that an ACK response contains a call number matching the server's reply to a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed ACK response that does not complete a 3-way handshake. NOTE: this issue exists because of an incomplete fix for CVE-2008-1923. Published: 2008-04-23T00:00:00.000Z Updated: 2024-08-07T08:40:59.845Z Open on db.gcve.eu Reference links http://security.gentoo.org/glsa/glsa-200905-01.xml http://secunia.com/advisories/29927 https://exchange.xforce.ibmcloud.com/vulnerabilities/41966 http://www.securityfocus.com/bid/28901 http://secunia.com/advisories/30010	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2008-1332`	vulnerable	2026-06-03 14:28:40.188435	Details available Unspecified vulnerability in Asterisk Open Source 1.2.x before 1.2.27, 1.4.x before 1.4.18.1 and 1.4.19-rc3; Business Edition A.x.x, B.x.x before B.2.5.1, and C.x.x before C.1.6.2; AsteriskNOW 1.0.x before 1.0.2; Appliance Developer Kit before 1.4 revision 109393; and s800i 1.0.x before 1.1.0.2; allows remote attackers to access the SIP channel driver via a crafted From header. Published: 2008-03-20T00:00:00.000Z Updated: 2024-08-07T08:17:34.472Z Open on db.gcve.eu Reference links http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00011.html http://secunia.com/advisories/29782 http://security.gentoo.org/glsa/glsa-200804-13.xml http://downloads.digium.com/pub/security/AST-2008-003.html http://www.securityfocus.com/bid/28310	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.