GCVE - cpe:2.3:a:digium:asterisk:1.2.0

Approved changes feed: RSS · Atom

cpe:2.3:a:digium:asterisk:1.2.0_beta2:*:*:*:*:*:*:*

part: a version: 1.2.0_beta2 update: *

Vendor	Digium (`05ad29b7-5b41-56d5-935d-a279ab7f14bc`)
Product	Asterisk (`a75a6886-b0b4-5160-9cfa-f749f3c86956`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/asterisk/asterisk`	purl2cpe	2026-06-01 10:15:41.778476

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2007-1306`	vulnerable	2026-06-08 04:49:42.035118	Details available Asterisk 1.4 before 1.4.1 and 1.2 before 1.2.16 allows remote attackers to cause a denial of service (crash) by sending a Session Initiation Protocol (SIP) packet without a URI and SIP-version header, which results in a NULL pointer dereference. Published: 2007-03-07T00:00:00.000Z Updated: 2024-08-07T12:50:35.142Z Open on db.gcve.eu Reference links http://www.vupen.com/english/advisories/2007/0830 http://www.securityfocus.com/bid/22838 http://www.osvdb.org/33888 http://secunia.com/advisories/24578 http://asterisk.org/node/48319	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2006-5445`	vulnerable	2026-06-08 04:49:20.521736	Details available Unspecified vulnerability in the SIP channel driver (channels/chan_sip.c) in Asterisk 1.2.x before 1.2.13 and 1.4.x before 1.4.0-beta3 allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors that result in the creation of "a real pvt structure" that uses more resources than necessary. Published: 2006-10-23T17:00:00.000Z Updated: 2024-08-07T19:48:30.533Z Open on db.gcve.eu Reference links http://www.vupen.com/english/advisories/2006/4098 http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.2.13 http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml http://www.securityfocus.com/bid/20835 http://www.novell.com/linux/security/advisories/2006_69_asterisk.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2006-4345`	vulnerable	2026-06-08 04:49:17.663065	Details available Stack-based buffer overflow in channels/chan_mgcp.c in MGCP in Asterisk 1.0 through 1.2.10 allows remote attackers to execute arbitrary code via a crafted audit endpoint (AUEP) response. Published: 2006-08-24T20:00:00.000Z Updated: 2024-08-07T19:06:07.392Z Open on db.gcve.eu Reference links http://www.vupen.com/english/advisories/2006/3372 http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml http://labs.musecurity.com/advisories/MU-200608-01.txt http://secunia.com/advisories/22651 http://www.securityfocus.com/bid/19683	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2006-2898`	vulnerable	2026-06-08 04:49:07.808282	Details available The IAX2 channel driver (chan_iax2) for Asterisk 1.2.x before 1.2.9 and 1.0.x before 1.0.11 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via truncated IAX 2 (IAX2) video frames, which bypasses a length check and leads to a buffer overflow involving negative length check. NOTE: the vendor advisory claims that only a DoS is possible, but the original researcher is reliable. Published: 2006-06-07T10:00:00.000Z Updated: 2024-08-07T18:06:27.038Z Open on db.gcve.eu Reference links http://securitytracker.com/id?1016236 http://www.debian.org/security/2006/dsa-1126 http://secunia.com/advisories/20899 http://secunia.com/advisories/20658 https://exchange.xforce.ibmcloud.com/vulnerabilities/27045	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Asterisk

PURL mappings

Vulnerability references

Contribute