asterisk — Vulnerabilities & Security Advisories 17

All 17 CVE vulnerabilities found in asterisk, with AI-generated Chinese analysis, references, and POCs.

Vendor: asterisk

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-23741 | ast_coredumper running as root sources ast_debug_tools.conf from /etc/asterisk; potentially leading to privilege escalation | CWE-427 | - | - | 2026-02-06 |
| CVE-2026-23740 | Asterisk vulnerable to potential privilege escalation | CWE-427 | - | - | 2026-02-06 |
| CVE-2026-23739 | Asterisk xml.c uses unsafe XML_PARSE_NOENT leading to potential XXE Injection | CWE-611 | 2.0 | Low | 2026-02-06 |
| CVE-2026-23738 | The Asterisk embedded web server's /httpstatus page echoes user supplied values (cookie and query string) without sanitization | CWE-79 | 3.5 | Low | 2026-02-06 |
| CVE-2025-1131 | Asterisk Unsafe Shell Sourcing in safe_asterisk Leads to Local Privilege Escalation | CWE-427 | 7.8 (AI) | High (AI) | 2025-09-23 |
| CVE-2025-57767 | Asterisk can crash from a specifically malformed Authorization header in an incoming SIP request | CWE-253 | 7.5 | High | 2025-08-28 |
| CVE-2025-54995 | Asterisk remotely exploitable leak of RTP UDP ports and internal resources | CWE-1286 | 6.5 | Medium | 2025-08-28 |
| CVE-2025-49832 | Asterisk is Vulnerable to Remote DoS and possible RCE Attacks During Memory Allocation | CWE-476 | 6.5 | Medium | 2025-08-01 |
| CVE-2025-47780 | cli_permissions.conf: deny option does not work for disallowing shell commands | CWE-78 | 8.8 (AI) | High (AI) | 2025-05-22 |
| CVE-2025-47779 | Using malformed From header can forge identity with ";" or NULL in name portion | CWE-140 | 7.7 | High | 2025-05-22 |
| CVE-2024-42491 | A malformed Contact or Record-Route URI in an incoming SIP request can cause Asterisk to crash when res_resolver_unbound is used | CWE-252 | 5.7 | Medium | 2024-09-05 |
| CVE-2024-42365 | Asterisk allows `Write=originate` as sufficient permissions for code execution / `System()` dialplan | CWE-267 | 7.4 | High | 2024-08-08 |
| CVE-2024-35190 | Asterisk's res_pjsip_endpoint_identifier_ip: wrongly matches ALL unauthorized SIP requests | CWE-303 | 5.8 | Medium | 2024-05-17 |
| CVE-2023-49786 | Asterisk susceptible to Denial of Service via DTLS Hello packets during call initiation | CWE-703 | 7.5 | High | 2023-12-14 |
| CVE-2023-37457 | Asterisk's PJSIP_HEADER dialplan function can overwrite memory/cause crash when using 'update' | CWE-120 | 7.5 | High | 2023-12-14 |
| CVE-2023-49294 | Asterisk Path Traversal vulnerability | CWE-22 | 4.9 | Medium | 2023-12-14 |
| CVE-2009-3723 | Digium Asterisk security vulnerability | - | - | - | 2019-10-29 |

All 17 known CVE vulnerabilities affecting asterisk with full Chinese analysis, references, and POCs where available.