GCVE - cpe:2.3:a:digium:asterisk:12.1.0:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:digium:asterisk:12.1.0:*:*:*:*:*:*:*

part: a version: 12.1.0 update: *

Vendor	Digium (`05ad29b7-5b41-56d5-935d-a279ab7f14bc`)
Product	Asterisk (`a75a6886-b0b4-5160-9cfa-f749f3c86956`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/asterisk/asterisk`	purl2cpe	2026-06-01 10:15:41.778484

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2014-9374`	vulnerable	2026-06-08 05:06:11.551723	Details available Double free vulnerability in the WebSocket Server (res_http_websocket module) in Asterisk Open Source 11.x before 11.14.2, 12.x before 12.7.2, and 13.x before 13.0.2 and Certified Asterisk 11.6 before 11.6-cert9 allows remote attackers to cause a denial of service (crash) by sending a zero length frame after a non-zero length frame. Published: 2014-12-12T15:00:00.000Z Updated: 2024-08-06T13:40:25.047Z Open on db.gcve.eu Reference links http://advisories.mageia.org/MGASA-2015-0010.html http://downloads.asterisk.org/pub/security/AST-2014-019.html http://www.mandriva.com/security/advisories?name=MDVSA-2015:018 http://www.securityfocus.com/archive/1/534197/100/0/threaded http://packetstormsecurity.com/files/129473/Asterisk-Project-Security-Advisory-AST-2014-019.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-6610`	vulnerable	2026-06-08 05:05:58.055663	Details available Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and Certified Asterisk 11.6 before 11.6-cert6, when using the res_fax_spandsp module, allows remote authenticated users to cause a denial of service (crash) via an out of call message, which is not properly handled in the ReceiveFax dialplan application. Published: 2014-11-26T15:00:00.000Z Updated: 2024-08-06T12:24:34.306Z Open on db.gcve.eu Reference links http://downloads.asterisk.org/pub/security/AST-2014-010.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-6609`	vulnerable	2026-06-08 05:05:58.019312	Details available The res_pjsip_pubsub module in Asterisk Open Source 12.x before 12.5.1 allows remote authenticated users to cause a denial of service (crash) via crafted headers in a SIP SUBSCRIBE request for an event package. Published: 2014-11-26T15:00:00.000Z Updated: 2024-08-06T12:24:34.015Z Open on db.gcve.eu Reference links http://downloads.asterisk.org/pub/security/AST-2014-009.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.