GCVE - cpe:2.3:a:asterisk:open_source:1.8.7:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:asterisk:open_source:1.8.7:*:*:*:*:*:*:*

part: a version: 1.8.7 update: *

Vendor	Asterisk (`8cf0208b-fb97-57c9-94a0-6da40e548dcd`)
Product	Open Source (`8a2c0991-ed09-534c-8225-148908a50b94`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:deb/debian/asterisk`	purl2cpe	2026-06-01 10:15:23.643921
`pkg:deb/ubuntu/asterisk`	purl2cpe	2026-06-01 10:15:23.643923
`pkg:github/asterisk/asterisk`	purl2cpe	2026-06-01 10:15:23.643924
`pkg:rpm/fedora/asterisk`	purl2cpe	2026-06-01 10:15:23.643926
`pkg:rpm/opensuse/asterisk`	purl2cpe	2026-06-01 10:15:23.643927

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2012-2186`	vulnerable	2026-06-03 14:31:46.800337	Details available Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action. Published: 2012-08-31T14:00:00.000Z Updated: 2024-08-06T19:26:08.975Z Open on db.gcve.eu Reference links http://secunia.com/advisories/50687 http://secunia.com/advisories/50756 http://www.debian.org/security/2012/dsa-2550 http://downloads.asterisk.org/pub/security/AST-2012-012.html http://www.securitytracker.com/id?1027460	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-4063`	vulnerable	2026-06-03 14:31:22.715091	Details available chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.7.1 and 10.x before 10.0.0-rc1 does not properly initialize variables during request parsing, which allows remote authenticated users to cause a denial of service (daemon crash) via a malformed request. Published: 2011-10-21T10:00:00.000Z Updated: 2024-08-06T23:53:32.632Z Open on db.gcve.eu Reference links http://www.securitytracker.com/id?1026191 http://securityreason.com/securityalert/8478 http://secunia.com/advisories/46420 http://www.securityfocus.com/archive/1/520141/100/0/threaded http://www.securityfocus.com/bid/50177	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.