Open Source
Approved changes feed: RSS · Atom
cpe:2.3:a:asterisk:open_source:1.2.17:netsec:*:*:*:*:*:*
part: a version: 1.2.17 update: netsec
| Vendor | Asterisk (8cf0208b-fb97-57c9-94a0-6da40e548dcd) |
|---|---|
| Product | Open Source (8a2c0991-ed09-534c-8225-148908a50b94) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:deb/debian/asterisk |
purl2cpe | 2026-06-01 10:15:23.154723 |
pkg:deb/ubuntu/asterisk |
purl2cpe | 2026-06-01 10:15:23.154725 |
pkg:github/asterisk/asterisk |
purl2cpe | 2026-06-01 10:15:23.154726 |
pkg:rpm/fedora/asterisk |
purl2cpe | 2026-06-01 10:15:23.154728 |
pkg:rpm/opensuse/asterisk |
purl2cpe | 2026-06-01 10:15:23.154729 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2009-2346 |
vulnerable | 2026-06-03 14:29:40.619851 |
Details available
The IAX2 protocol implementation in Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.2, 1.6.0.x before 1.6.0.15, and 1.6.1.x before 1.6.1.6; Business Edition B.x.x before B.2.5.10, C.2.x before C.2.4.3, and C.3.x before C.3.1.1; and s800i 1.3.x before 1.3.0.3 allows remote attackers to cause a denial of service (call-number exhaustion) by initiating many IAX2 message exchanges, a related issue to CVE-2008-3263.
Published: 2009-09-08T18:00:00.000Z
Updated: 2024-08-07T05:44:55.999Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2009-0041 |
vulnerable | 2026-06-03 14:29:21.961453 |
Details available
IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before 1.4.23-rc4, and 1.6.x before 1.6.0.3-rc2; Business Edition A.x.x, B.x.x before B.2.5.7, C.1.x.x before C.1.10.4, and C.2.x.x before C.2.1.2.1; and s800i 1.2.x before 1.3.0 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
Published: 2009-01-14T23:00:00.000Z
Updated: 2024-08-07T04:17:10.507Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2008-1923 |
vulnerable | 2026-06-03 14:28:42.605690 |
Details available
The IAX2 channel driver (chan_iax2) in Asterisk 1.2 before revision 72630 and 1.4 before revision 65679, when configured to allow unauthenticated calls, sends "early audio" to an unverified source IP address of a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed NEW message.
Published: 2008-04-23T16:00:00.000Z
Updated: 2024-08-07T08:41:00.169Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2008-1897 |
vulnerable | 2026-06-03 14:28:42.511354 |
Details available
The IAX2 channel driver (chan_iax2) in Asterisk Open Source 1.0.x, 1.2.x before 1.2.28, and 1.4.x before 1.4.19.1; Business Edition A.x.x, B.x.x before B.2.5.2, and C.x.x before C.1.8.1; AsteriskNOW before 1.0.3; Appliance Developer Kit 0.x.x; and s800i before 1.1.0.3, when configured to allow unauthenticated calls, does not verify that an ACK response contains a call number matching the server's reply to a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed ACK response that does not complete a 3-way handshake. NOTE: this issue exists because of an incomplete fix for CVE-2008-1923.
Published: 2008-04-23T00:00:00.000Z
Updated: 2024-08-07T08:40:59.845Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.