GCVE - cpe:2.3:a:asterisk:certified_asterisk:16.8.0:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:asterisk:certified_asterisk:16.8.0:*:*:*:*:*:*:*

part: a version: 16.8.0 update: *

Vendor	Asterisk (`8cf0208b-fb97-57c9-94a0-6da40e548dcd`)
Product	Certified Asterisk (`57dadbdf-496a-598b-b5de-a5360c9eb937`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2022-21723`	vulnerable	2026-06-03 14:46:13.418597	Out-of-bounds read in multipart parsing in PJSIP CRITICAL (9.1) PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions 2.11.1 and prior, parsing an incoming SIP message that contains a malformed multipart can potentially cause out-of-bound read access. This issue affects all PJSIP users that accept SIP multipart. The patch is available as commit in the `master` branch. There are no known workarounds. Published: 2022-01-27T00:00:00.000Z Updated: 2025-11-04T16:09:30.947Z Open on db.gcve.eu Reference links https://github.com/pjsip/pjproject/security/advisories/GHSA-7fw8-54cv-r7pm https://github.com/pjsip/pjproject/commit/077b465c33f0aec05a49cd2ca456f9a1b112e896 http://seclists.org/fulldisclosure/2022/Mar/2 http://packetstormsecurity.com/files/166227/Asterisk-Project-Security-Advisory-AST-2022-006.html https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-37706`	vulnerable	2026-06-03 14:45:01.011091	Potential integer underflow upon receiving STUN message in PJSIP HIGH (7.3) PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the incoming STUN message contains an ERROR-CODE attribute, the header length is not checked before performing a subtraction operation, potentially resulting in an integer underflow scenario. This issue affects all users that use STUN. A malicious actor located within the victim’s network may forge and send a specially crafted UDP (STUN) message that could remotely execute arbitrary code on the victim’s machine. Users are advised to upgrade as soon as possible. There are no known workarounds. Published: 2021-12-22T00:00:00.000Z Updated: 2025-11-04T16:09:17.025Z Open on db.gcve.eu Reference links https://github.com/pjsip/pjproject/security/advisories/GHSA-2qpg-f6wf-w984 https://github.com/pjsip/pjproject/commit/15663e3f37091069b8c98a7fce680dc04bc8e865 http://seclists.org/fulldisclosure/2022/Mar/0 http://packetstormsecurity.com/files/166225/Asterisk-Project-Security-Advisory-AST-2022-004.html https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Certified Asterisk

PURL mappings

Vulnerability references

Contribute