Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:digium:asterisk:12.2.0:*:*:*:*:*:*:*
There are 22 matching records.
Displaying matches 21 through 22.
Vuln ID Summary CVSS Severity

The Publish/Subscribe Framework in the PJSIP channel driver in Asterisk Open Source 12.x before 12.3.1, when sub_min_expiry is set to zero, allows remote attackers to cause a denial of service (assertion failure and crash) via an unsubscribe request when not subscribed to the device.

Published: June 17, 2014; 10:55:07 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM

Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before,,,,,, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary code via crafted caller ID data in vectors involving the (1) SIP channel driver, (2) URIENCODE dialplan function, or (3) AGI dialplan function.

Published: January 20, 2011; 2:00:08 PM -0500
V3.x:(not available)
V2.0: 6.0 MEDIUM