GCVE - cpe:2.3:a:digium:asterisk:1.6.2.18:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:digium:asterisk:1.6.2.18:*:*:*:*:*:*:*

part: a version: 1.6.2.18 update: *

Vendor	Digium (`05ad29b7-5b41-56d5-935d-a279ab7f14bc`)
Product	Asterisk (`a75a6886-b0b4-5160-9cfa-f749f3c86956`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/asterisk/asterisk`	purl2cpe	2026-06-01 10:15:41.875156

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2011-4598`	vulnerable	2026-06-08 04:59:32.173233	Details available The handle_request_info function in channels/chan_sip.c in Asterisk Open Source 1.6.2.x before 1.6.2.21 and 1.8.x before 1.8.7.2, when automon is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted sequence of SIP requests. Published: 2011-12-15T02:00:00.000Z Updated: 2024-08-07T00:09:19.356Z Open on db.gcve.eu Reference links http://openwall.com/lists/oss-security/2011/12/09/4 http://openwall.com/lists/oss-security/2011/12/09/3 http://secunia.com/advisories/47273 http://osvdb.org/77598 http://downloads.asterisk.org/pub/security/AST-2011-014.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-4597`	vulnerable	2026-06-08 04:59:32.093863	Details available The SIP over UDP implementation in Asterisk Open Source 1.4.x before 1.4.43, 1.6.x before 1.6.2.21, and 1.8.x before 1.8.7.2 uses different port numbers for responses to invalid requests depending on whether a SIP username exists, which allows remote attackers to enumerate usernames via a series of requests. Published: 2011-12-15T02:00:00.000Z Updated: 2024-08-07T00:09:19.309Z Open on db.gcve.eu Reference links http://osvdb.org/77597 http://downloads.asterisk.org/pub/security/AST-2011-013.html http://openwall.com/lists/oss-security/2011/12/09/4 http://openwall.com/lists/oss-security/2011/12/09/3 http://secunia.com/advisories/47273	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-2666`	vulnerable	2026-06-08 04:58:08.313249	Details available The default configuration of the SIP channel driver in Asterisk Open Source 1.4.x through 1.4.41.2 and 1.6.2.x through 1.6.2.18.2 does not enable the alwaysauthreject option, which allows remote attackers to enumerate account names by making a series of invalid SIP requests and observing the differences in the responses for different usernames, a different vulnerability than CVE-2011-2536. Published: 2011-07-06T19:00:00.000Z Updated: 2024-08-06T23:08:23.735Z Open on db.gcve.eu Reference links https://exchange.xforce.ibmcloud.com/vulnerabilities/68472 http://downloads.asterisk.org/pub/security/AST-2011-011.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-2536`	vulnerable	2026-06-08 04:58:07.563283	Details available chan_sip.c in the SIP channel driver in Asterisk Open Source 1.4.x before 1.4.41.2, 1.6.2.x before 1.6.2.18.2, and 1.8.x before 1.8.4.4, and Asterisk Business Edition C.3.x before C.3.7.3, disregards the alwaysauthreject option and generates different responses for invalid SIP requests depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of requests. Published: 2011-07-06T19:00:00.000Z Updated: 2024-08-06T23:08:22.022Z Open on db.gcve.eu Reference links http://downloads.asterisk.org/pub/security/AST-2011-011-1.8.diff http://downloads.asterisk.org/pub/security/AST-2011-011.html http://www.securitytracker.com/id?1025734	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-2535`	vulnerable	2026-06-08 04:58:07.532384	Details available chan_iax2.c in the IAX2 channel driver in Asterisk Open Source 1.4.x before 1.4.41.1, 1.6.2.x before 1.6.2.18.1, and 1.8.x before 1.8.4.3, and Asterisk Business Edition C.3 before C.3.7.3, accesses a memory address contained in an option control frame, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a crafted frame. Published: 2011-07-06T19:00:00.000Z Updated: 2024-08-06T23:08:22.031Z Open on db.gcve.eu Reference links http://secunia.com/advisories/44973 http://downloads.asterisk.org/pub/security/AST-2011-010-1.8.diff https://exchange.xforce.ibmcloud.com/vulnerabilities/68205 http://downloads.asterisk.org/pub/security/AST-2011-010.html http://www.securityfocus.com/bid/48431	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-2529`	vulnerable	2026-06-08 04:58:07.520754	Details available chan_sip.c in the SIP channel driver in Asterisk Open Source 1.6.x before 1.6.2.18.1 and 1.8.x before 1.8.4.3 does not properly handle '\0' characters in SIP packets, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted packet. Published: 2011-07-06T19:00:00.000Z Updated: 2024-08-06T23:08:22.019Z Open on db.gcve.eu Reference links https://exchange.xforce.ibmcloud.com/vulnerabilities/68203 http://www.osvdb.org/73307 http://www.securityfocus.com/bid/48431 http://downloads.asterisk.org/pub/security/AST-2011-008.html http://secunia.com/advisories/45239	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.