Known Vulnerabilities for products from Asterisk
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Asterisk".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-6907 json | Not Provided | 2026-05-05 | 2026-05-06 | |
| CVE-2022-23608 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 9.8 - CRITICAL | 2022-02-22 | 2023-08-30 |
| CVE-2022-21723 json | PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols ... | 9.1 - CRITICAL | 2022-01-27 | 2023-08-30 |
| CVE-2021-46837 json | res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk bef... | 6.5 - MEDIUM | 2022-08-30 | 2023-01-28 |
| CVE-2021-37706 json | PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols ... | 9.8 - CRITICAL | 2021-12-22 | 2023-08-30 |
| CVE-2020-28327 json | A res_pjsip_session crash was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1... | 5.3 - MEDIUM | 2020-11-06 | 2020-11-20 |
| CVE-2020-28242 json | An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before... | 6.5 - MEDIUM | 2020-11-06 | 2023-11-07 |
| CVE-2018-12228 json | An issue was discovered in Asterisk Open Source 15.x before 15.4.1. When connected to Asterisk via TCP/TLS, if the client abr... | 6.5 - MEDIUM | 2018-06-12 | 2019-10-03 |
| CVE-2017-9358 json | A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Ast... | Not Provided | 2017-06-02 | 2025-04-20 |
| CVE-2013-2686 json | main/http.c in the HTTP server in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Ce... | Not Provided | 2013-04-01 | 2026-04-29 |
| CVE-2013-2685 json | Stack-based buffer overflow in res/res_format_attr_h264.c in Asterisk Open Source 11.x before 11.2.2 allows remote attackers ... | Not Provided | 2013-04-01 | 2026-04-29 |
| CVE-2013-2264 json | The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified ... | Not Provided | 2013-04-01 | 2026-04-29 |
| CVE-2012-2948 json | chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open... | Not Provided | 2012-06-02 | 2026-04-29 |
| CVE-2012-2416 json | chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.11.1 and 10.x before 10.3.1 and Asterisk Busine... | Not Provided | 2012-04-30 | 2026-04-29 |
| CVE-2012-2415 json | Heap-based buffer overflow in chan_skinny.c in the Skinny channel driver in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8... | Not Provided | 2012-04-30 | 2026-04-29 |
| CVE-2012-2414 json | main/manager.c in the Manager Interface in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x befo... | Not Provided | 2012-04-30 | 2026-04-29 |
| CVE-2012-2186 json | Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Ce... | Not Provided | 2012-08-31 | 2026-04-29 |
| CVE-2012-0885 json | chan_sip.c in Asterisk Open Source 1.8.x before 1.8.8.2 and 10.x before 10.0.1, when the res_srtp module is used and media su... | Not Provided | 2012-01-25 | 2026-04-29 |
| CVE-2011-4063 json | chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.7.1 and 10.x before 10.0.0-rc1 does not properl... | Not Provided | 2011-10-21 | 2026-04-29 |
| CVE-2010-0441 json | Asterisk Open Source 1.6.0.x before 1.6.0.22, 1.6.1.x before 1.6.1.14, and 1.6.2.x before 1.6.2.2, and Business Edition C.3 b... | Not Provided | 2010-02-04 | 2026-04-29 |
Known software with vulnerabilities from Asterisk
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Asterisk | Certified Asterisk | 13.13.0 |
| Application | Asterisk | Open Source | 1.6.1 |