GCVE - cpe:2.3:a:digium:asterisk:c.3.1.1:-:business:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:digium:asterisk:c.3.1.1:-:business:*:*:*:*:*

part: a version: c.3.1.1 update: -

Vendor	Digium (`05ad29b7-5b41-56d5-935d-a279ab7f14bc`)
Product	Asterisk (`a75a6886-b0b4-5160-9cfa-f749f3c86956`)
Edition	business
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/asterisk/asterisk`	purl2cpe	2026-06-01 10:15:41.875591

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2012-4737`	vulnerable	2026-06-08 05:02:52.445119	Details available channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert7, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 does not enforce ACL rules during certain uses of peer credentials, which allows remote authenticated users to bypass intended outbound-call restrictions by leveraging the availability of these credentials. Published: 2012-08-31T14:00:00.000Z Updated: 2024-08-06T20:42:55.248Z Open on db.gcve.eu Reference links http://downloads.asterisk.org/pub/security/AST-2012-013.html http://secunia.com/advisories/50687 http://secunia.com/advisories/50756 http://www.securitytracker.com/id?1027461 http://www.debian.org/security/2012/dsa-2550	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-2536`	vulnerable	2026-06-08 04:58:07.579132	Details available chan_sip.c in the SIP channel driver in Asterisk Open Source 1.4.x before 1.4.41.2, 1.6.2.x before 1.6.2.18.2, and 1.8.x before 1.8.4.4, and Asterisk Business Edition C.3.x before C.3.7.3, disregards the alwaysauthreject option and generates different responses for invalid SIP requests depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of requests. Published: 2011-07-06T19:00:00.000Z Updated: 2024-08-06T23:08:22.022Z Open on db.gcve.eu Reference links http://downloads.asterisk.org/pub/security/AST-2011-011-1.8.diff http://downloads.asterisk.org/pub/security/AST-2011-011.html http://www.securitytracker.com/id?1025734	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-2535`	vulnerable	2026-06-08 04:58:07.556334	Details available chan_iax2.c in the IAX2 channel driver in Asterisk Open Source 1.4.x before 1.4.41.1, 1.6.2.x before 1.6.2.18.1, and 1.8.x before 1.8.4.3, and Asterisk Business Edition C.3 before C.3.7.3, accesses a memory address contained in an option control frame, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a crafted frame. Published: 2011-07-06T19:00:00.000Z Updated: 2024-08-06T23:08:22.031Z Open on db.gcve.eu Reference links http://secunia.com/advisories/44973 http://downloads.asterisk.org/pub/security/AST-2011-010-1.8.diff https://exchange.xforce.ibmcloud.com/vulnerabilities/68205 http://downloads.asterisk.org/pub/security/AST-2011-010.html http://www.securityfocus.com/bid/48431	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-1599`	vulnerable	2026-06-08 04:58:00.899312	Details available manager.c in the Manager Interface in Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 does not properly check for the system privilege, which allows remote authenticated users to execute arbitrary commands via an Originate action that has an Async header in conjunction with an Application header. Published: 2011-04-27T00:00:00.000Z Updated: 2024-08-06T22:28:41.962Z Open on db.gcve.eu Reference links http://www.vupen.com/english/advisories/2011/1188 http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058922.html http://www.debian.org/security/2011/dsa-2225 http://openwall.com/lists/oss-security/2011/04/22/6 http://www.securityfocus.com/bid/47537	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-1507`	vulnerable	2026-06-08 04:57:59.924862	Details available Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 do not restrict the number of unauthenticated sessions to certain interfaces, which allows remote attackers to cause a denial of service (file descriptor exhaustion and disk space exhaustion) via a series of TCP connections. Published: 2011-04-27T00:00:00.000Z Updated: 2024-08-06T22:28:41.814Z Open on db.gcve.eu Reference links http://www.vupen.com/english/advisories/2011/1188 http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058922.html http://www.debian.org/security/2011/dsa-2225 http://securitytracker.com/id?1025432 http://www.vupen.com/english/advisories/2011/1086	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-1147`	vulnerable	2026-06-08 04:57:56.104852	Details available Multiple stack-based and heap-based buffer overflows in the (1) decode_open_type and (2) udptl_rx_packet functions in main/udptl.c in Asterisk Open Source 1.4.x before 1.4.39.2, 1.6.1.x before 1.6.1.22, 1.6.2.x before 1.6.2.16.2, and 1.8 before 1.8.2.4; Business Edition C.x.x before C.3.6.3; AsteriskNOW 1.5; and s800i (Asterisk Appliance), when T.38 support is enabled, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UDPTL packet. Published: 2011-03-15T17:00:00.000Z Updated: 2024-08-06T22:14:27.830Z Open on db.gcve.eu Reference links http://secunia.com/advisories/43702 http://www.securityfocus.com/bid/46474 http://www.debian.org/security/2011/dsa-2225 http://secunia.com/advisories/43429 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055421.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.