Asterisk — Vulnerabilities & Security Advisories 17

Browse all 17 CVE security advisories affecting Asterisk. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Asterisk serves as an open-source communication platform for VoIP, PBX, and unified communications systems. Historically, it has faced vulnerabilities across multiple classes, including remote code execution, cross-site scripting, privilege escalation, and authentication bypass issues. Security researchers have identified flaws in its SIP channel drivers, web interfaces, and session handling mechanisms. While no single major incident stands out, the accumulation of 17 CVEs over time indicates consistent security challenges in handling untrusted input and maintaining proper access controls. Its modular architecture, while flexible, introduces multiple potential attack surfaces that require careful configuration and regular updates to mitigate risks.

Top products by Asterisk: asterisk
Low · CVE-2026-2374 · 2026-02-07
ast_coredumper runs as root, and writes gdb init file to world writeable folder; leading to potential privilege escalati
Critical · DSA-2225-1 · 2025-11-08
[SECURITY] [DSA 2225-1] asterisk security update
Medium · CVE-2025-1131 · 2025-09-24
Uncontrolled Search-Path Element in safe_asterisk script may allow local privilege escalation. · Advisory · asterisk/ast
Medium · CVE-2021-40599 · 2025-08-29
Resource exhaustion (DoS) vulnerability: remotely exploitable leak of RTP UDP ports and internal resources · Advisory ·
Medium · CVE-2025-47780 · 2025-05-24
cli_permissions.conf: deny option does not work for disallowing shell commands · Advisory · asterisk/asterisk · GitHub
High · CVE-2025-47779 · 2025-05-24
Using malformed From header can forge identity with ";" or NULL in name portion · Advisory · asterisk/asterisk · GitHub
Medium · CVE-2024-42491 · 2024-09-07
A malformed Contact or Record-Route URI in an incoming SIP request can cause Asterisk to crash when res_resolver_unbound
Medium · GHSA-v428-g3cw-7hv9 · 2024-09-07
res_resolver_unbound: Test for NULL ub_result in unbound_resolver_cal… · asterisk/asterisk@4f01669 · GitHub
Low · GHSA-v428-g3cw-7hv9 · 2024-09-07
res_resolver_unbound: Test for NULL ub_result in unbound_resolver_cal… · asterisk/asterisk@50bf8d4 · GitHub
High · 2024-08-10
Write=originate, is sufficient permissions for code execution / System() dialplan · Advisory · asterisk/asterisk · GitHu
High · GHSA-c4cg-9275-6w44 · 2024-08-10
manager.c: Add entries to Originate blacklist · asterisk/asterisk@bbe68db · GitHub
High · GHSA-c4cg-9275-6w44 · 2024-08-10
manager.c: Add entries to Originate blacklist · asterisk/asterisk@faddd99 · GitHub

Showing up to 20 recent security advisories.

This page lists every published CVE security advisory associated with Asterisk. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.