Digium Asterisk 1.6.0.2
Approved changes feed: RSS · Atom
cpe:2.3:a:digium:asterisk:1.6.0.2:*:*:*:*:*:*:*
part: a version: 1.6.0.2 update: *
| Vendor | Digium (05ad29b7-5b41-56d5-935d-a279ab7f14bc) |
|---|---|
| Product | Asterisk (a75a6886-b0b4-5160-9cfa-f749f3c86956) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/asterisk/asterisk |
purl2cpe | 2026-06-01 10:15:41.874964 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2011-2529 |
vulnerable | 2026-06-08 04:58:07.491764 |
Details available
chan_sip.c in the SIP channel driver in Asterisk Open Source 1.6.x before 1.6.2.18.1 and 1.8.x before 1.8.4.3 does not properly handle '\0' characters in SIP packets, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted packet.
Published: 2011-07-06T19:00:00.000Z
Updated: 2024-08-06T23:08:22.019Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2010-1224 |
vulnerable | 2026-06-08 04:54:06.545486 |
Details available
main/acl.c in Asterisk Open Source 1.6.0.x before 1.6.0.25, 1.6.1.x before 1.6.1.17, and 1.6.2.x before 1.6.2.5 does not properly enforce remote host access controls when CIDR notation "/0" is used in permit= and deny= configuration rules, which causes an improper arithmetic shift and might allow remote attackers to bypass ACL rules and access services from unauthorized hosts.
Published: 2010-04-01T21:00:00.000Z
Updated: 2024-08-07T01:14:06.690Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2009-4055 |
vulnerable | 2026-06-08 04:51:46.758119 |
Details available
rtp.c in Asterisk Open Source 1.2.x before 1.2.37, 1.4.x before 1.4.27.1, 1.6.0.x before 1.6.0.19, and 1.6.1.x before 1.6.1.11; Business Edition B.x.x before B.2.5.13, C.2.x.x before C.2.4.6, and C.3.x.x before C.3.2.3; and s800i 1.3.x before 1.3.0.6 allows remote attackers to cause a denial of service (daemon crash) via an RTP comfort noise payload with a long data length.
Published: 2009-12-02T11:00:00.000Z
Updated: 2024-08-07T06:45:51.226Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2009-3727 |
vulnerable | 2026-06-08 04:51:43.985841 |
Details available
Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, 1.6.0.x before 1.6.0.17, and 1.6.1.x before 1.6.1.9; Business Edition A.x.x, B.x.x before B.2.5.12, C.2.x.x before C.2.4.5, and C.3.x.x before C.3.2.2; AsteriskNOW 1.5; and s800i 1.3.x before 1.3.0.5 generate different error messages depending on whether a SIP username is valid, which allows remote attackers to enumerate valid usernames via multiple crafted REGISTER messages with inconsistent usernames in the URI in the To header and the Digest in the Authorization header.
Published: 2009-11-10T18:00:00.000Z
Updated: 2024-08-07T06:38:30.134Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2009-0871 |
vulnerable | 2026-06-08 04:51:11.732041 |
Details available
The SIP channel driver in Asterisk Open Source 1.4.22, 1.4.23, and 1.4.23.1; 1.6.0 before 1.6.0.6; 1.6.1 before 1.6.1.0-rc2; and Asterisk Business Edition C.2.3, with the pedantic option enabled, allows remote authenticated users to cause a denial of service (crash) via a SIP INVITE request without any headers, which triggers a NULL pointer dereference in the (1) sip_uri_headers_cmp and (2) sip_uri_params_cmp functions.
Published: 2009-03-11T14:00:00.000Z
Updated: 2024-08-07T04:48:52.606Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.