
cpe:2.3:a:digium:asterisk:1.8.5:*:*:*:*:*:*:*

part: a
version: 1.8.5
update: *

Vendor: Digium (05ad29b7-5b41-56d5-935d-a279ab7f14bc)
Product: Asterisk (a75a6886-b0b4-5160-9cfa-f749f3c86956)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from NVD CPE 2.0 feed

PURL mappings

PURL: pkg:github/asterisk/asterisk
Source: purl2cpe
Last updated: 2026-06-01 10:15:41.875474

Vulnerability references

Identifier, cpeApplicability, Submitted, db.gcve.eu details, Rationale
CVE:CVE-2016-2316 vulnerable 2026-06-08 05:07:34.103416 Details available
chan_sip in Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3, when the timert1 sip.conf configuration is set to a value greater than 1245, allows remote attackers to cause a denial of service (file descriptor consumption) via vectors related to large retransmit timeout values.
Published: 2016-02-22T15:05:00.000Z
Updated: 2024-08-05T23:24:48.520Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-2232 vulnerable 2026-06-08 05:07:33.742390 Details available
Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3 allow remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a zero length error correcting redundancy packet for a UDPTL FAX packet that is lost.
Published: 2016-02-22T15:05:00.000Z
Updated: 2024-08-05T23:24:48.950Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-4047 vulnerable 2026-06-08 05:05:44.075145 Details available
Asterisk Open Source 1.8.x before 1.8.28.1, 11.x before 11.10.1, and 12.x before 12.3.1 and Certified Asterisk 1.8.15 before 1.8.15-cert6 and 11.6 before 11.6-cert3 allows remote attackers to cause a denial of service (connection consumption) via a large number of (1) inactive or (2) incomplete HTTP connections.
Published: 2014-06-17T14:00:00.000Z
Updated: 2024-08-06T11:04:28.373Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-2287 vulnerable 2026-06-08 05:05:28.356038 Details available
channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.15 before 1.8.15-cert5 and 11.6 before 11.6-cert2, when chan_sip has a certain configuration, allows remote authenticated users to cause a denial of service (channel and file descriptor consumption) via an INVITE request with a (1) Session-Expires or (2) Min-SE header with a malformed or invalid value.
Published: 2014-04-18T19:00:00.000Z
Updated: 2024-08-06T10:06:00.091Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-2286 vulnerable 2026-06-08 05:05:28.252563 Details available
main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.x before 1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote attackers to cause a denial of service (stack consumption) and possibly execute arbitrary code via an HTTP request with a large number of Cookie headers.
Published: 2014-04-18T19:00:00.000Z
Updated: 2024-08-06T10:06:00.334Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2012-5977 vulnerable 2026-06-08 05:02:58.944486 Details available
Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones, when anonymous calls are enabled, allow remote attackers to cause a denial of service (resource consumption) by making anonymous calls from multiple sources and consequently adding many entries to the device state cache.
Published: 2013-01-04T15:00:00.000Z
Updated: 2024-08-06T21:21:28.317Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2012-5976 vulnerable 2026-06-08 05:02:58.891160 Details available
Multiple stack consumption vulnerabilities in Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones allow remote attackers to cause a denial of service (daemon crash) via TCP data using the (1) SIP, (2) HTTP, or (3) XMPP protocol.
Published: 2013-01-04T11:00:00.000Z
Updated: 2024-08-06T21:21:28.331Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2012-4737 vulnerable 2026-06-08 05:02:52.388834 Details available
channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert7, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 does not enforce ACL rules during certain uses of peer credentials, which allows remote authenticated users to bypass intended outbound-call restrictions by leveraging the availability of these credentials.
Published: 2012-08-31T14:00:00.000Z
Updated: 2024-08-06T20:42:55.248Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2012-3863 vulnerable 2026-06-08 05:02:14.034409 Details available
channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Asterisk Business Edition C.3.x before C.3.7.5, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones does not properly handle a provisional response to a SIP reINVITE request, which allows remote authenticated users to cause a denial of service (RTP port exhaustion) via sessions that lack final responses.
Published: 2012-07-09T10:00:00.000Z
Updated: 2024-08-06T20:21:03.613Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2012-3812 vulnerable 2026-06-08 05:02:13.859568 Details available
Double free vulnerability in apps/app_voicemail.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones allows remote authenticated users to cause a denial of service (daemon crash) by establishing multiple voicemail sessions and accessing both the Urgent mailbox and the INBOX mailbox.
Published: 2012-07-09T22:00:00.000Z
Updated: 2024-08-06T20:21:02.907Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2012-2947 vulnerable 2026-06-08 05:02:07.334885 Details available
chan_iax2.c in the IAX2 channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1, when a certain mohinterpret setting is enabled, allows remote attackers to cause a denial of service (daemon crash) by placing a call on hold.
Published: 2012-06-02T15:00:00.000Z
Updated: 2024-08-06T19:50:05.310Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2012-1184 vulnerable 2026-06-08 05:00:48.141795 Details available
Stack-based buffer overflow in the ast_parse_digest function in main/utils.c in Asterisk 1.8.x before 1.8.10.1 and 10.x before 10.2.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in an HTTP Digest Authentication header.
Published: 2012-09-18T18:00:00.000Z
Updated: 2024-08-06T18:53:35.690Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2011-4598 vulnerable 2026-06-08 04:59:32.172218 Details available
The handle_request_info function in channels/chan_sip.c in Asterisk Open Source 1.6.2.x before 1.6.2.21 and 1.8.x before 1.8.7.2, when automon is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted sequence of SIP requests.
Published: 2011-12-15T02:00:00.000Z
Updated: 2024-08-07T00:09:19.356Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2011-4597 vulnerable 2026-06-08 04:59:32.068527 Details available
The SIP over UDP implementation in Asterisk Open Source 1.4.x before 1.4.43, 1.6.x before 1.6.2.21, and 1.8.x before 1.8.7.2 uses different port numbers for responses to invalid requests depending on whether a SIP username exists, which allows remote attackers to enumerate usernames via a series of requests.
Published: 2011-12-15T02:00:00.000Z
Updated: 2024-08-07T00:09:19.309Z
Imported from gcve-enriched-dumps CVE data
