GCVE - cpe:2.3:a:digium:asterisk:1.4.40.2:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:digium:asterisk:1.4.40.2:*:*:*:*:*:*:*

part: a version: 1.4.40.2 update: *

Vendor	Digium (`05ad29b7-5b41-56d5-935d-a279ab7f14bc`)
Product	Asterisk (`a75a6886-b0b4-5160-9cfa-f749f3c86956`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/asterisk/asterisk`	purl2cpe	2026-06-01 10:15:41.829405

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2011-4597`	vulnerable	2026-06-08 04:59:32.166415	Details available The SIP over UDP implementation in Asterisk Open Source 1.4.x before 1.4.43, 1.6.x before 1.6.2.21, and 1.8.x before 1.8.7.2 uses different port numbers for responses to invalid requests depending on whether a SIP username exists, which allows remote attackers to enumerate usernames via a series of requests. Published: 2011-12-15T02:00:00.000Z Updated: 2024-08-07T00:09:19.309Z Open on db.gcve.eu Reference links http://osvdb.org/77597 http://downloads.asterisk.org/pub/security/AST-2011-013.html http://openwall.com/lists/oss-security/2011/12/09/4 http://openwall.com/lists/oss-security/2011/12/09/3 http://secunia.com/advisories/47273	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-2666`	vulnerable	2026-06-08 04:58:08.322108	Details available The default configuration of the SIP channel driver in Asterisk Open Source 1.4.x through 1.4.41.2 and 1.6.2.x through 1.6.2.18.2 does not enable the alwaysauthreject option, which allows remote attackers to enumerate account names by making a series of invalid SIP requests and observing the differences in the responses for different usernames, a different vulnerability than CVE-2011-2536. Published: 2011-07-06T19:00:00.000Z Updated: 2024-08-06T23:08:23.735Z Open on db.gcve.eu Reference links https://exchange.xforce.ibmcloud.com/vulnerabilities/68472 http://downloads.asterisk.org/pub/security/AST-2011-011.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-2536`	vulnerable	2026-06-08 04:58:07.568435	Details available chan_sip.c in the SIP channel driver in Asterisk Open Source 1.4.x before 1.4.41.2, 1.6.2.x before 1.6.2.18.2, and 1.8.x before 1.8.4.4, and Asterisk Business Edition C.3.x before C.3.7.3, disregards the alwaysauthreject option and generates different responses for invalid SIP requests depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of requests. Published: 2011-07-06T19:00:00.000Z Updated: 2024-08-06T23:08:22.022Z Open on db.gcve.eu Reference links http://downloads.asterisk.org/pub/security/AST-2011-011-1.8.diff http://downloads.asterisk.org/pub/security/AST-2011-011.html http://www.securitytracker.com/id?1025734	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-2535`	vulnerable	2026-06-08 04:58:07.555264	Details available chan_iax2.c in the IAX2 channel driver in Asterisk Open Source 1.4.x before 1.4.41.1, 1.6.2.x before 1.6.2.18.1, and 1.8.x before 1.8.4.3, and Asterisk Business Edition C.3 before C.3.7.3, accesses a memory address contained in an option control frame, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a crafted frame. Published: 2011-07-06T19:00:00.000Z Updated: 2024-08-06T23:08:22.031Z Open on db.gcve.eu Reference links http://secunia.com/advisories/44973 http://downloads.asterisk.org/pub/security/AST-2011-010-1.8.diff https://exchange.xforce.ibmcloud.com/vulnerabilities/68205 http://downloads.asterisk.org/pub/security/AST-2011-010.html http://www.securityfocus.com/bid/48431	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.