GCVE - cpe:2.3:a:digium:asterisk:c.3.6.4:-:business:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:digium:asterisk:c.3.6.4:-:business:*:*:*:*:*

part: a version: c.3.6.4 update: -

Vendor	Digium (`05ad29b7-5b41-56d5-935d-a279ab7f14bc`)
Product	Asterisk (`a75a6886-b0b4-5160-9cfa-f749f3c86956`)
Edition	business
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/asterisk/asterisk`	purl2cpe	2026-06-01 10:15:41.875599

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2012-4737`	vulnerable	2026-06-08 05:02:52.448391	Details available channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert7, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 does not enforce ACL rules during certain uses of peer credentials, which allows remote authenticated users to bypass intended outbound-call restrictions by leveraging the availability of these credentials. Published: 2012-08-31T14:00:00.000Z Updated: 2024-08-06T20:42:55.248Z Open on db.gcve.eu Reference links http://downloads.asterisk.org/pub/security/AST-2012-013.html http://secunia.com/advisories/50687 http://secunia.com/advisories/50756 http://www.securitytracker.com/id?1027461 http://www.debian.org/security/2012/dsa-2550	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-2536`	vulnerable	2026-06-08 04:58:07.579244	Details available chan_sip.c in the SIP channel driver in Asterisk Open Source 1.4.x before 1.4.41.2, 1.6.2.x before 1.6.2.18.2, and 1.8.x before 1.8.4.4, and Asterisk Business Edition C.3.x before C.3.7.3, disregards the alwaysauthreject option and generates different responses for invalid SIP requests depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of requests. Published: 2011-07-06T19:00:00.000Z Updated: 2024-08-06T23:08:22.022Z Open on db.gcve.eu Reference links http://downloads.asterisk.org/pub/security/AST-2011-011-1.8.diff http://downloads.asterisk.org/pub/security/AST-2011-011.html http://www.securitytracker.com/id?1025734	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-2535`	vulnerable	2026-06-08 04:58:07.557641	Details available chan_iax2.c in the IAX2 channel driver in Asterisk Open Source 1.4.x before 1.4.41.1, 1.6.2.x before 1.6.2.18.1, and 1.8.x before 1.8.4.3, and Asterisk Business Edition C.3 before C.3.7.3, accesses a memory address contained in an option control frame, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a crafted frame. Published: 2011-07-06T19:00:00.000Z Updated: 2024-08-06T23:08:22.031Z Open on db.gcve.eu Reference links http://secunia.com/advisories/44973 http://downloads.asterisk.org/pub/security/AST-2011-010-1.8.diff https://exchange.xforce.ibmcloud.com/vulnerabilities/68205 http://downloads.asterisk.org/pub/security/AST-2011-010.html http://www.securityfocus.com/bid/48431	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.