GCVE - cpe:2.3:a:sangoma:asterisk:20.0.0:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:sangoma:asterisk:20.0.0:*:*:*:*:*:*:*

part: a version: 20.0.0 update: *

Vendor	Sangoma (`d67f1eae-5751-5e76-a443-3846a37ebaf1`)
Product	Asterisk (`2cdd226c-a389-5fb3-a2aa-02a9b7bd8e5a`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:deb/debian/asterisk`	purl2cpe	2026-06-01 10:12:26.677947
`pkg:deb/ubuntu/asterisk`	purl2cpe	2026-06-01 10:12:26.677948
`pkg:docker/andrius/asterisk`	purl2cpe	2026-06-01 10:12:26.677950
`pkg:github/sangoma/asterisk`	purl2cpe	2026-06-01 10:12:26.677951
`pkg:maven/org.asteriskjava/asterisk-java`	purl2cpe	2026-06-01 10:12:26.677953
`pkg:rpm/fedora/asterisk`	purl2cpe	2026-06-01 10:12:26.677954
`pkg:rpm/opensuse/asterisk`	purl2cpe	2026-06-01 10:12:26.677956

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2022-42706`	vulnerable	2026-06-03 14:48:12.808643	Details available An issue was discovered in Sangoma Asterisk through 16.28, 17 and 18 through 18.14, 19 through 19.6, and certified through 18.9-cert1. GetConfig, via Asterisk Manager Interface, allows a connected application to access files outside of the asterisk configuration directory, aka Directory Traversal. Published: 2022-12-05T00:00:00.000Z Updated: 2025-04-24T14:23:59.814Z Open on db.gcve.eu Reference links https://downloads.asterisk.org/pub/security/AST-2022-009.html https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html https://www.debian.org/security/2023/dsa-5358	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-42705`	vulnerable	2026-06-03 14:48:12.807227	Details available A use-after-free in res_pjsip_pubsub.c in Sangoma Asterisk 16.28, 18.14, 19.6, and certified/18.9-cert2 may allow a remote authenticated attacker to crash Asterisk (denial of service) by performing activity on a subscription via a reliable transport at the same time that Asterisk is also performing activity on that subscription. Published: 2022-12-05T00:00:00.000Z Updated: 2025-04-24T14:25:05.481Z Open on db.gcve.eu Reference links https://downloads.asterisk.org/pub/security/AST-2022-008.html https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html https://www.debian.org/security/2023/dsa-5358	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-37325`	vulnerable	2026-06-03 14:47:46.769265	Details available In Sangoma Asterisk through 16.28.0, 17.x and 18.x through 18.14.0, and 19.x through 19.6.0, an incoming Setup message to addons/ooh323c/src/ooq931.c with a malformed Calling or Called Party IE can cause a crash. Published: 2022-12-05T00:00:00.000Z Updated: 2025-04-24T14:38:48.415Z Open on db.gcve.eu Reference links https://downloads.asterisk.org/pub/security/AST-2022-007.html https://lists.debian.org/debian-lts-announce/2023/02/msg00029.html https://www.debian.org/security/2023/dsa-5358	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.