Digium Certified Asterisk 16.8 Cert 5

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:digium:certified_asterisk:16.8:cert5:*:*:*:*:*:*

part: a version: 16.8 update: cert5

VendorDigium (05ad29b7-5b41-56d5-935d-a279ab7f14bc)
ProductCertified Asterisk (28acf01c-dbb1-5902-9616-b4c28682b220)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
pkg:asterisk/telephony/certified-asterisk purl2cpe 2026-06-01 10:15:42.008660
pkg:github/asterisk/asterisk purl2cpe 2026-06-01 10:15:42.008661

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2022-26651 vulnerable 2026-06-08 05:41:52.759266 Details available
An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The func_odbc module provides possibly inadequate escaping functionality for backslash characters in SQL queries, resulting in user-provided data creating a broken SQL query or possibly a SQL injection. This is fixed in 16.25.2, 18.11.2, and 19.3.2, and 16.8-cert14.
Published: 2022-04-15T00:00:00.000Z
Updated: 2024-08-03T05:11:43.391Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-32558 vulnerable 2026-06-08 05:32:07.438598 Details available
An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and Certified Asterisk before 16.8-cert10. If the IAX2 channel driver receives a packet that contains an unsupported media format, a crash can occur.
Published: 2021-07-27T05:19:34.000Z
Updated: 2024-08-03T23:25:30.855Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-26906 vulnerable 2026-06-08 05:30:45.552570 Details available
An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through 16.8-cert5. An SDP negotiation vulnerability in PJSIP allows a remote server to potentially crash Asterisk by sending specific SIP responses that cause an SDP negotiation failure.
Published: 2021-02-18T19:50:04.000Z
Updated: 2024-08-03T20:33:41.368Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-26717 vulnerable 2026-06-08 05:30:45.156983 Details available
An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6. When re-negotiating for T.38, if the initial remote response was delayed just enough, Asterisk would send both audio and T.38 in the SDP. If this happened, and the remote responded with a declined T.38 stream, then Asterisk would crash.
Published: 2021-02-18T19:39:46.000Z
Updated: 2024-08-03T20:33:40.586Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-26713 vulnerable 2026-06-08 05:30:45.149822 Details available
A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6 allows an authenticated WebRTC client to cause an Asterisk crash by sending multiple hold/unhold requests in quick succession. This is caused by a signedness comparison mismatch.
Published: 2021-02-19T19:30:30.000Z
Updated: 2024-08-03T20:33:40.660Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-26712 vulnerable 2026-06-08 05:30:45.148914 Details available
Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a remote unauthenticated attacker to prematurely terminate secure calls by replaying SRTP packets.
Published: 2021-02-18T20:10:20.000Z
Updated: 2024-08-03T20:33:40.803Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.