GCVE - cpe:2.3:a:digium:asterisk:1.4.7.1:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:digium:asterisk:1.4.7.1:*:*:*:*:*:*:*

part: a version: 1.4.7.1 update: *

Vendor	Digium (`05ad29b7-5b41-56d5-935d-a279ab7f14bc`)
Product	Asterisk (`a75a6886-b0b4-5160-9cfa-f749f3c86956`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/asterisk/asterisk`	purl2cpe	2026-06-01 10:15:41.829443

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2011-4597`	vulnerable	2026-06-08 04:59:32.106172	Details available The SIP over UDP implementation in Asterisk Open Source 1.4.x before 1.4.43, 1.6.x before 1.6.2.21, and 1.8.x before 1.8.7.2 uses different port numbers for responses to invalid requests depending on whether a SIP username exists, which allows remote attackers to enumerate usernames via a series of requests. Published: 2011-12-15T02:00:00.000Z Updated: 2024-08-07T00:09:19.309Z Open on db.gcve.eu Reference links http://osvdb.org/77597 http://downloads.asterisk.org/pub/security/AST-2011-013.html http://openwall.com/lists/oss-security/2011/12/09/4 http://openwall.com/lists/oss-security/2011/12/09/3 http://secunia.com/advisories/47273	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-2666`	vulnerable	2026-06-08 04:58:08.320270	Details available The default configuration of the SIP channel driver in Asterisk Open Source 1.4.x through 1.4.41.2 and 1.6.2.x through 1.6.2.18.2 does not enable the alwaysauthreject option, which allows remote attackers to enumerate account names by making a series of invalid SIP requests and observing the differences in the responses for different usernames, a different vulnerability than CVE-2011-2536. Published: 2011-07-06T19:00:00.000Z Updated: 2024-08-06T23:08:23.735Z Open on db.gcve.eu Reference links https://exchange.xforce.ibmcloud.com/vulnerabilities/68472 http://downloads.asterisk.org/pub/security/AST-2011-011.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-2536`	vulnerable	2026-06-08 04:58:07.566627	Details available chan_sip.c in the SIP channel driver in Asterisk Open Source 1.4.x before 1.4.41.2, 1.6.2.x before 1.6.2.18.2, and 1.8.x before 1.8.4.4, and Asterisk Business Edition C.3.x before C.3.7.3, disregards the alwaysauthreject option and generates different responses for invalid SIP requests depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of requests. Published: 2011-07-06T19:00:00.000Z Updated: 2024-08-06T23:08:22.022Z Open on db.gcve.eu Reference links http://downloads.asterisk.org/pub/security/AST-2011-011-1.8.diff http://downloads.asterisk.org/pub/security/AST-2011-011.html http://www.securitytracker.com/id?1025734	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-2535`	vulnerable	2026-06-08 04:58:07.542962	Details available chan_iax2.c in the IAX2 channel driver in Asterisk Open Source 1.4.x before 1.4.41.1, 1.6.2.x before 1.6.2.18.1, and 1.8.x before 1.8.4.3, and Asterisk Business Edition C.3 before C.3.7.3, accesses a memory address contained in an option control frame, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a crafted frame. Published: 2011-07-06T19:00:00.000Z Updated: 2024-08-06T23:08:22.031Z Open on db.gcve.eu Reference links http://secunia.com/advisories/44973 http://downloads.asterisk.org/pub/security/AST-2011-010-1.8.diff https://exchange.xforce.ibmcloud.com/vulnerabilities/68205 http://downloads.asterisk.org/pub/security/AST-2011-010.html http://www.securityfocus.com/bid/48431	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2009-4055`	vulnerable	2026-06-08 04:51:46.749345	Details available rtp.c in Asterisk Open Source 1.2.x before 1.2.37, 1.4.x before 1.4.27.1, 1.6.0.x before 1.6.0.19, and 1.6.1.x before 1.6.1.11; Business Edition B.x.x before B.2.5.13, C.2.x.x before C.2.4.6, and C.3.x.x before C.3.2.3; and s800i 1.3.x before 1.3.0.6 allows remote attackers to cause a denial of service (daemon crash) via an RTP comfort noise payload with a long data length. Published: 2009-12-02T11:00:00.000Z Updated: 2024-08-07T06:45:51.226Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/37153 http://www.securityfocus.com/archive/1/508147/100/0/threaded http://secunia.com/advisories/37677 http://securitytracker.com/id?1023249 http://www.debian.org/security/2009/dsa-1952	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2009-3727`	vulnerable	2026-06-08 04:51:43.947414	Details available Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, 1.6.0.x before 1.6.0.17, and 1.6.1.x before 1.6.1.9; Business Edition A.x.x, B.x.x before B.2.5.12, C.2.x.x before C.2.4.5, and C.3.x.x before C.3.2.2; AsteriskNOW 1.5; and s800i 1.3.x before 1.3.0.5 generate different error messages depending on whether a SIP username is valid, which allows remote attackers to enumerate valid usernames via multiple crafted REGISTER messages with inconsistent usernames in the URI in the To header and the Digest in the Authorization header. Published: 2009-11-10T18:00:00.000Z Updated: 2024-08-07T06:38:30.134Z Open on db.gcve.eu Reference links http://secunia.com/advisories/37265 https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00838.html http://secunia.com/advisories/37479 http://secunia.com/advisories/37677 http://www.debian.org/security/2009/dsa-1952	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.