Search CVE reports
An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The func_odbc module provides possibly inadequate escaping functionality for backslash characters in SQL queries, resulting in...
1 affected package
asterisk
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| asterisk | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it's possible to send arbitrary requests (such as GET) to interfaces such as localhost by using the Identity header. This is fixed in 16.25.2, 18.11.2,...
1 affected package
asterisk
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| asterisk | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download files that are not certificates. These files could be much larger than what one would expect to download, leading to Resource...
1 affected package
asterisk
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| asterisk | — | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 2 of 15
PJSIP is a free and open source multimedia communication library written in the C language, implementing standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions up to and including 2.11.1 when in a dialog set...
3 affected packages
asterisk, pjproject, ring
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| asterisk | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| pjproject | — | — | — | — | Vulnerable |
| ring | Not in release | Not in release | — | Fixed | Fixed |
Some fixes available 4 of 15
Buffer overflow in PJSUA API when calling pjsua_call_dump. An attacker-controlled 'buffer' argument may cause a buffer overflow, since supplying an output buffer smaller than 128 characters may overflow the output buffer,...
3 affected packages
asterisk, pjproject, ring
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| asterisk | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| pjproject | — | — | — | — | Fixed |
| ring | Not in release | Not in release | — | Fixed | Fixed |
Some fixes available 4 of 15
Read out-of-bounds in PJSUA API when calling pjsua_recorder_create. An attacker-controlled 'filename' argument may cause an out-of-bounds read when the filename is shorter than 4 characters.
3 affected packages
asterisk, pjproject, ring
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| asterisk | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| pjproject | — | — | — | — | Fixed |
| ring | Not in release | Not in release | — | Fixed | Fixed |
Some fixes available 4 of 14
Stack overflow in PJSUA API when calling pjsua_playlist_create. An attacker-controlled 'file_names' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation.
3 affected packages
asterisk, pjproject, ring
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| asterisk | — | Needs evaluation | Needs evaluation | Ignored | Ignored |
| pjproject | — | — | — | — | Fixed |
| ring | — | Not in release | — | Fixed | Fixed |
Some fixes available 4 of 15
Stack overflow in PJSUA API when calling pjsua_recorder_create. An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation.
3 affected packages
asterisk, pjproject, ring
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| asterisk | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| pjproject | — | — | — | — | Fixed |
| ring | Not in release | Not in release | — | Fixed | Fixed |
Some fixes available 4 of 14
Stack overflow in PJSUA API when calling pjsua_player_create. An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation.
3 affected packages
asterisk, pjproject, ring
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| asterisk | — | Needs evaluation | Needs evaluation | Ignored | Ignored |
| pjproject | — | — | — | — | Fixed |
| ring | — | Not in release | — | Fixed | Fixed |
Some fixes available 2 of 15
PJSIP is a free and open source multimedia communication library. In version 2.11.1 and prior, if an incoming RTCP XR message contains a block, the data field is not checked against the received packet size, potentially resulting in an...
3 affected packages
pjproject, ring, asterisk
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| pjproject | — | — | — | — | Vulnerable |
| ring | Not in release | Not in release | — | Fixed | Fixed |
| asterisk | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |