GCVE - cpe:2.3:a:digium:asterisk:1.6.0.18:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:digium:asterisk:1.6.0.18:*:*:*:*:*:*:*

part: a version: 1.6.0.18 update: *

Vendor	Digium (`05ad29b7-5b41-56d5-935d-a279ab7f14bc`)
Product	Asterisk (`a75a6886-b0b4-5160-9cfa-f749f3c86956`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/asterisk/asterisk`	purl2cpe	2026-06-01 10:15:41.854514

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2011-2529`	vulnerable	2026-06-08 04:58:07.503101	Details available chan_sip.c in the SIP channel driver in Asterisk Open Source 1.6.x before 1.6.2.18.1 and 1.8.x before 1.8.4.3 does not properly handle '\0' characters in SIP packets, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted packet. Published: 2011-07-06T19:00:00.000Z Updated: 2024-08-06T23:08:22.019Z Open on db.gcve.eu Reference links https://exchange.xforce.ibmcloud.com/vulnerabilities/68203 http://www.osvdb.org/73307 http://www.securityfocus.com/bid/48431 http://downloads.asterisk.org/pub/security/AST-2011-008.html http://secunia.com/advisories/45239	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2010-1224`	vulnerable	2026-06-08 04:54:06.555515	Details available main/acl.c in Asterisk Open Source 1.6.0.x before 1.6.0.25, 1.6.1.x before 1.6.1.17, and 1.6.2.x before 1.6.2.5 does not properly enforce remote host access controls when CIDR notation "/0" is used in permit= and deny= configuration rules, which causes an improper arithmetic shift and might allow remote attackers to bypass ACL rules and access services from unauthorized hosts. Published: 2010-04-01T21:00:00.000Z Updated: 2024-08-07T01:14:06.690Z Open on db.gcve.eu Reference links http://www.securityfocus.com/archive/1/509757/100/0/threaded http://downloads.asterisk.org/pub/security/AST-2010-003.html http://downloads.asterisk.org/pub/security/AST-2010-003-1.6.2.diff http://secunia.com/advisories/39096 http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2009-4055`	vulnerable	2026-06-08 04:51:46.761759	Details available rtp.c in Asterisk Open Source 1.2.x before 1.2.37, 1.4.x before 1.4.27.1, 1.6.0.x before 1.6.0.19, and 1.6.1.x before 1.6.1.11; Business Edition B.x.x before B.2.5.13, C.2.x.x before C.2.4.6, and C.3.x.x before C.3.2.3; and s800i 1.3.x before 1.3.0.6 allows remote attackers to cause a denial of service (daemon crash) via an RTP comfort noise payload with a long data length. Published: 2009-12-02T11:00:00.000Z Updated: 2024-08-07T06:45:51.226Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/37153 http://www.securityfocus.com/archive/1/508147/100/0/threaded http://secunia.com/advisories/37677 http://securitytracker.com/id?1023249 http://www.debian.org/security/2009/dsa-1952	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.