GCVE - cpe:2.3:a:digium:asterisk:10.6.0:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:digium:asterisk:10.6.0:*:*:*:*:*:*:*

part: a version: 10.6.0 update: *

Vendor	Digium (`05ad29b7-5b41-56d5-935d-a279ab7f14bc`)
Product	Asterisk (`a75a6886-b0b4-5160-9cfa-f749f3c86956`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/asterisk/asterisk`	purl2cpe	2026-06-01 10:15:41.737707

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2012-5977`	vulnerable	2026-06-08 05:02:58.946206	Details available Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones, when anonymous calls are enabled, allow remote attackers to cause a denial of service (resource consumption) by making anonymous calls from multiple sources and consequently adding many entries to the device state cache. Published: 2013-01-04T15:00:00.000Z Updated: 2024-08-06T21:21:28.317Z Open on db.gcve.eu Reference links http://www.debian.org/security/2013/dsa-2605 https://issues.asterisk.org/jira/browse/ASTERISK-20175 http://downloads.asterisk.org/pub/security/AST-2012-015	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-5976`	vulnerable	2026-06-08 05:02:58.908551	Details available Multiple stack consumption vulnerabilities in Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones allow remote attackers to cause a denial of service (daemon crash) via TCP data using the (1) SIP, (2) HTTP, or (3) XMPP protocol. Published: 2013-01-04T11:00:00.000Z Updated: 2024-08-06T21:21:28.331Z Open on db.gcve.eu Reference links http://downloads.asterisk.org/pub/security/AST-2012-014 http://www.debian.org/security/2013/dsa-2605	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-4737`	vulnerable	2026-06-08 05:02:52.434744	Details available channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert7, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 does not enforce ACL rules during certain uses of peer credentials, which allows remote authenticated users to bypass intended outbound-call restrictions by leveraging the availability of these credentials. Published: 2012-08-31T14:00:00.000Z Updated: 2024-08-06T20:42:55.248Z Open on db.gcve.eu Reference links http://downloads.asterisk.org/pub/security/AST-2012-013.html http://secunia.com/advisories/50687 http://secunia.com/advisories/50756 http://www.securitytracker.com/id?1027461 http://www.debian.org/security/2012/dsa-2550	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.