GCVE - cpe:2.3:a:digium:asterisk:0.2:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:digium:asterisk:0.2:*:*:*:*:*:*:*

part: a version: 0.2 update: *

Vendor	Digium (`05ad29b7-5b41-56d5-935d-a279ab7f14bc`)
Product	Asterisk (`a75a6886-b0b4-5160-9cfa-f749f3c86956`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/asterisk/asterisk`	purl2cpe	2026-06-01 10:15:41.723996

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2006-5444`	vulnerable	2026-06-08 04:49:20.513354	Details available Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) in Asterisk 1.0.x before 1.0.12 and 1.2.x before 1.2.13, as used by Cisco SCCP phones, allows remote attackers to execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads to a heap-based buffer overflow. Published: 2006-10-23T17:00:00.000Z Updated: 2024-08-07T19:48:30.383Z Open on db.gcve.eu Reference links http://secunia.com/advisories/22480 http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.2.13 http://www.us.debian.org/security/2006/dsa-1229 http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml http://www.novell.com/linux/security/advisories/2006_69_asterisk.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2006-1827`	vulnerable	2026-06-08 04:48:58.110872	Details available Integer signedness error in format_jpeg.c in Asterisk 1.2.6 and earlier allows remote attackers to execute arbitrary code via a length value that passes a length check as a negative number, but triggers a buffer overflow when it is used as an unsigned length. Published: 2006-04-18T20:00:00.000Z Updated: 2024-08-07T17:27:29.111Z Open on db.gcve.eu Reference links http://secunia.com/advisories/19872 http://www.vupen.com/english/advisories/2006/1478 http://www.cipher.org.uk/index.php?p=advisories/Asterisk_Codec_Integer_Overflow_07-04-2006.advisory http://www.debian.org/security/2006/dsa-1048 http://www.securityfocus.com/bid/17561	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2003-0779`	vulnerable	2026-06-08 04:47:22.465824	Details available SQL injection vulnerability in the Call Detail Record (CDR) logging functionality for Asterisk allows remote attackers to execute arbitrary SQL via a CallerID string. Published: 2003-09-12T04:00:00.000Z Updated: 2024-08-08T02:05:12.547Z Open on db.gcve.eu Reference links http://www.atstake.com/research/advisories/2003/a091103-1.txt	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.