GCVE - cpe:2.3:a:digium:asterisk:1.2.6:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:digium:asterisk:1.2.6:*:*:*:*:*:*:*

part: a version: 1.2.6 update: *

Vendor	Digium (`05ad29b7-5b41-56d5-935d-a279ab7f14bc`)
Product	Asterisk (`a75a6886-b0b4-5160-9cfa-f749f3c86956`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/asterisk/asterisk`	purl2cpe	2026-06-01 10:15:41.778605

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2010-0685`	vulnerable	2026-06-08 04:52:03.939726	Details available The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, when using the ${EXTEN} channel variable and wildcard pattern matches, allows context-dependent attackers to inject strings into the dialplan using metacharacters that are injected when the variable is expanded, as demonstrated using the Dial application to process a crafted SIP INVITE message that adds an unintended outgoing channel leg. NOTE: it could be argued that this is not a vulnerability in Asterisk, but a class of vulnerabilities that can occur in any program that uses this feature without the associated filtering functionality that is already available. Published: 2010-02-23T20:00:00.000Z Updated: 2024-08-07T00:59:38.329Z Open on db.gcve.eu Reference links http://svn.asterisk.org/svn/asterisk/branches/1.2/README-SERIOUSLY.bestpractices.txt http://secunia.com/advisories/39096 http://www.securitytracker.com/id?1023637 http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html http://www.securityfocus.com/archive/1/509608/100/0/threaded	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2007-1306`	vulnerable	2026-06-08 04:49:42.035649	Details available Asterisk 1.4 before 1.4.1 and 1.2 before 1.2.16 allows remote attackers to cause a denial of service (crash) by sending a Session Initiation Protocol (SIP) packet without a URI and SIP-version header, which results in a NULL pointer dereference. Published: 2007-03-07T00:00:00.000Z Updated: 2024-08-07T12:50:35.142Z Open on db.gcve.eu Reference links http://www.vupen.com/english/advisories/2007/0830 http://www.securityfocus.com/bid/22838 http://www.osvdb.org/33888 http://secunia.com/advisories/24578 http://asterisk.org/node/48319	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2006-5445`	vulnerable	2026-06-08 04:49:20.521755	Details available Unspecified vulnerability in the SIP channel driver (channels/chan_sip.c) in Asterisk 1.2.x before 1.2.13 and 1.4.x before 1.4.0-beta3 allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors that result in the creation of "a real pvt structure" that uses more resources than necessary. Published: 2006-10-23T17:00:00.000Z Updated: 2024-08-07T19:48:30.533Z Open on db.gcve.eu Reference links http://www.vupen.com/english/advisories/2006/4098 http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.2.13 http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml http://www.securityfocus.com/bid/20835 http://www.novell.com/linux/security/advisories/2006_69_asterisk.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2006-5444`	vulnerable	2026-06-08 04:49:20.518018	Details available Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) in Asterisk 1.0.x before 1.0.12 and 1.2.x before 1.2.13, as used by Cisco SCCP phones, allows remote attackers to execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads to a heap-based buffer overflow. Published: 2006-10-23T17:00:00.000Z Updated: 2024-08-07T19:48:30.383Z Open on db.gcve.eu Reference links http://secunia.com/advisories/22480 http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.2.13 http://www.us.debian.org/security/2006/dsa-1229 http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml http://www.novell.com/linux/security/advisories/2006_69_asterisk.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2006-4345`	vulnerable	2026-06-08 04:49:17.663587	Details available Stack-based buffer overflow in channels/chan_mgcp.c in MGCP in Asterisk 1.0 through 1.2.10 allows remote attackers to execute arbitrary code via a crafted audit endpoint (AUEP) response. Published: 2006-08-24T20:00:00.000Z Updated: 2024-08-07T19:06:07.392Z Open on db.gcve.eu Reference links http://www.vupen.com/english/advisories/2006/3372 http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml http://labs.musecurity.com/advisories/MU-200608-01.txt http://secunia.com/advisories/22651 http://www.securityfocus.com/bid/19683	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2006-2898`	vulnerable	2026-06-08 04:49:07.808807	Details available The IAX2 channel driver (chan_iax2) for Asterisk 1.2.x before 1.2.9 and 1.0.x before 1.0.11 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via truncated IAX 2 (IAX2) video frames, which bypasses a length check and leads to a buffer overflow involving negative length check. NOTE: the vendor advisory claims that only a DoS is possible, but the original researcher is reliable. Published: 2006-06-07T10:00:00.000Z Updated: 2024-08-07T18:06:27.038Z Open on db.gcve.eu Reference links http://securitytracker.com/id?1016236 http://www.debian.org/security/2006/dsa-1126 http://secunia.com/advisories/20899 http://secunia.com/advisories/20658 https://exchange.xforce.ibmcloud.com/vulnerabilities/27045	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.