GCVE - cpe:2.3:a:asterisk:open_source:1.4.22.1:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:asterisk:open_source:1.4.22.1:*:*:*:*:*:*:*

part: a version: 1.4.22.1 update: *

Vendor	Asterisk (`8cf0208b-fb97-57c9-94a0-6da40e548dcd`)
Product	Open Source (`8a2c0991-ed09-534c-8225-148908a50b94`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:deb/debian/asterisk`	purl2cpe	2026-06-01 10:15:23.327587
`pkg:deb/ubuntu/asterisk`	purl2cpe	2026-06-01 10:15:23.327589
`pkg:github/asterisk/asterisk`	purl2cpe	2026-06-01 10:15:23.327591
`pkg:rpm/fedora/asterisk`	purl2cpe	2026-06-01 10:15:23.327592
`pkg:rpm/opensuse/asterisk`	purl2cpe	2026-06-01 10:15:23.327593

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2009-2346`	vulnerable	2026-06-03 14:29:40.660954	Details available The IAX2 protocol implementation in Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.2, 1.6.0.x before 1.6.0.15, and 1.6.1.x before 1.6.1.6; Business Edition B.x.x before B.2.5.10, C.2.x before C.2.4.3, and C.3.x before C.3.1.1; and s800i 1.3.x before 1.3.0.3 allows remote attackers to cause a denial of service (call-number exhaustion) by initiating many IAX2 message exchanges, a related issue to CVE-2008-3263. Published: 2009-09-08T18:00:00.000Z Updated: 2024-08-07T05:44:55.999Z Open on db.gcve.eu Reference links http://securitytracker.com/id?1022819 http://www.securityfocus.com/archive/1/506257/100/0/threaded http://secunia.com/advisories/36593 http://www.securityfocus.com/bid/36275 http://downloads.asterisk.org/pub/security/AST-2009-006.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2009-0041`	vulnerable	2026-06-03 14:29:21.999857	Details available IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before 1.4.23-rc4, and 1.6.x before 1.6.0.3-rc2; Business Edition A.x.x, B.x.x before B.2.5.7, C.1.x.x before C.1.10.4, and C.2.x.x before C.2.1.2.1; and s800i 1.2.x before 1.3.0 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. Published: 2009-01-14T23:00:00.000Z Updated: 2024-08-07T04:17:10.507Z Open on db.gcve.eu Reference links http://security.gentoo.org/glsa/glsa-200905-01.xml http://www.securityfocus.com/archive/1/499884/100/0/threaded http://secunia.com/advisories/33453 http://securityreason.com/securityalert/4910 http://www.securityfocus.com/bid/33174	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.