Every CVE whose affected-product data names Digium Asterisk, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (114)
CVE-2017-14100 — CVSS 9.8 (critical): In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before…
CVE-2022-26651 — CVSS 9.8 (critical): An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The func_odbc module provides possibly…
CVE-2022-26499 — CVSS 9.1 (critical): An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it's possible to send arbitrary requests (such as GET) to…
CVE-2014-8418 — CVSS 9.0 (critical): The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, 11.x before 11.1.4.1, 12.x before 12.7.1, and 13.x before 13.0.1 and…
CVE-2011-1599 — CVSS 9.0 (critical): manager.c in the Manager Interface in Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and…
CVE-2017-16671 — CVSS 8.8 (high): A Buffer Overflow issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified…
CVE-2017-7617 — CVSS 8.8 (high): Remote code execution can occur in Asterisk Open Source 13.x before 13.14.1 and 14.x before 14.3.1 and Certified Asterisk 13.13 before…
CVE-2019-18610 — CVSS 8.8 (high): An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-cert4. A…
CVE-2009-2726 — CVSS 7.8 (high): The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, 1.4.x before 1.4.26.1, 1.6.0.x before 1.6.0.12, and 1.6.1.x before…
CVE-2007-1306 — CVSS 7.8 (high): Asterisk 1.4 before 1.4.1 and 1.2 before 1.2.16 allows remote attackers to cause a denial of service (crash) by sending a Session…
CVE-2006-5445 — CVSS 7.8 (high): Unspecified vulnerability in the SIP channel driver (channels/chan_sip.c) in Asterisk 1.2.x before 1.2.13 and 1.4.x before 1.4.0-beta3…
CVE-2003-0761 — CVSS 7.5 (high): Buffer overflow in the get_msg_text of chan_sip.c in the Session Initiation Protocol (SIP) protocol implementation for Asterisk releases…
CVE-2003-0779 — CVSS 7.5 (high): SQL injection vulnerability in the Call Detail Record (CDR) logging functionality for Asterisk allows remote attackers to execute arbitrary…
CVE-2006-2898 — CVSS 7.5 (high): The IAX2 channel driver (chan_iax2) for Asterisk 1.2.x before 1.2.9 and 1.0.x before 1.0.11 allows remote attackers to cause a denial of…
CVE-2006-4345 — CVSS 7.5 (high): Stack-based buffer overflow in channels/chan_mgcp.c in MGCP in Asterisk 1.0 through 1.2.10 allows remote attackers to execute arbitrary…
CVE-2006-4346 — CVSS 7.5 (high): Asterisk 1.2.10 supports the use of client-controlled variables to determine filenames in the Record function, which allows remote…
CVE-2006-5444 — CVSS 7.5 (high): Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) in Asterisk 1.0.x before 1.0.12 and 1.2.x before…
CVE-2007-4103 — CVSS 7.5 (high): The IAX2 channel driver (chan_iax2) in Asterisk Open 1.2.x before 1.2.23, 1.4.x before 1.4.9, and Asterisk Appliance Developer Kit before…
CVE-2007-6171 — CVSS 7.5 (high): SQL injection vulnerability in the Postgres Realtime Engine (res_config_pgsql) in Asterisk 1.4.x before 1.4.15 and C.x before C.1.0-beta6…
CVE-2012-1184 — CVSS 7.5 (high): Stack-based buffer overflow in the ast_parse_digest function in main/utils.c in Asterisk 1.8.x before 1.8.10.1 and 10.x before 10.2.1…
CVE-2014-2286 — CVSS 7.5 (high): main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.x…
CVE-2014-8413 — CVSS 7.5 (high): The res_pjsip_acl module in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 does not properly create and load ACLs defined…
CVE-2016-7550 — CVSS 7.5 (high): asterisk 13.10.0 is affected by: denial of service issues in asterisk. The impact is: cause a denial of service (remote).
CVE-2016-7551 — CVSS 7.5 (high): chain_sip in Asterisk Open Source 11.x before 11.23.1 and 13.x 13.11.1 and Certified Asterisk 11.6 before 11.6-cert15 and 13.8 before…
CVE-2016-9937 — CVSS 7.5 (high): An issue was discovered in Asterisk Open Source 13.12.x and 13.13.x before 13.13.1 and 14.x before 14.2.1. If an SDP offer or answer is…
CVE-2017-14098 — CVSS 7.5 (high): In the pjsip channel driver (res_pjsip) in Asterisk 13.x before 13.17.1 and 14.x before 14.6.1, a carefully crafted tel URI in a From, To…
CVE-2017-14099 — CVSS 7.5 (high): In res/res_rtp_asterisk.c in Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before…
CVE-2017-14603 — CVSS 7.5 (high): In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before 14.6.2 and Certified Asterisk 11.x before 11.6-cert18 and 13.x before…
CVE-2017-17090 — CVSS 7.5 (high): An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified…
CVE-2017-17850 — CVSS 7.5 (high): An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. A select set of SIP…
CVE-2018-17281 — CVSS 7.5 (high): There is a stack consumption vulnerability in the res_http_websocket.so module of Asterisk through 13.23.0, 14.7.x through 14.7.7, and 15.x…
CVE-2018-19278 — CVSS 7.5 (high): Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x before 15.6.2 and 16.x before 16.0.1 allows remote attackers to crash…
CVE-2018-7284 — CVSS 7.5 (high): A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk…
CVE-2018-7285 — CVSS 7.5 (high): A NULL pointer access issue was discovered in Asterisk 15.x through 15.2.1. The RTP support in Asterisk maintains its own registry of…
CVE-2019-15639 — CVSS 7.5 (high): main/translate.c in Sangoma Asterisk 13.28.0 and 16.5.0 allows a remote attacker to send a specific RTP packet during a call and cause a…
CVE-2019-18976 — CVSS 7.5 (high): An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x. If it receives a…
CVE-2021-26712 — CVSS 7.5 (high): Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and Certified Asterisk 16.8-cert5 allow a…
CVE-2021-26717 — CVSS 7.5 (high): An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before…
CVE-2021-32558 — CVSS 7.5 (high): An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and…
CVE-2022-26498 — CVSS 7.5 (high): An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download files that are not certificates. These…
CVE-2023-37457 — CVSS 7.5 (high): Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and…
CVE-2023-49786 — CVSS 7.5 (high): Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as…
CVE-2011-1147 — CVSS 6.8 (medium): Multiple stack-based and heap-based buffer overflows in the (1) decode_open_type and (2) udptl_rx_packet functions in main/udptl.c in…
CVE-2007-5358 — CVSS 6.8 (medium): Multiple buffer overflows in the voicemail functionality in Asterisk 1.4.x before 1.4.13, when using IMAP storage, might allow (1) remote…
CVE-2019-18790 — CVSS 6.5 (medium): An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x before 13.29.2, 16.x before 16.6.2, and 17.x before 17.0.1, and…
CVE-2021-46837 — CVSS 6.5 (medium): res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before…
CVE-2019-7251 — CVSS 6.5 (medium): An Integer Signedness issue (for a return code) in the res_pjsip_sdp_rtp module in Digium Asterisk versions 15.7.1 and earlier and 16.1.1…
CVE-2016-2232 — CVSS 6.5 (medium): Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and…
CVE-2019-12827 — CVSS 6.5 (medium): Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and earlier allows remote…
CVE-2020-35652 — CVSS 6.5 (medium): An issue was discovered in res_pjsip_diversion.c in Sangoma Asterisk before 13.38.0, 14.x through 16.x before 16.15.0, 17.x before 17.9.0…
CVE-2007-6170 — CVSS 6.5 (medium): SQL injection vulnerability in the Call Detail Record Postgres logging engine (cdr_pgsql) in Asterisk 1.4.x before 1.4.15, 1.2.x before…
CVE-2020-35776 — CVSS 6.5 (medium): A buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk versions 13.38.1, 16.15.1, 17.9.1, and 18.1.1 allows remote attacker to…
CVE-2018-7286 — CVSS 6.5 (medium): An issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through…
CVE-2021-31878 — CVSS 6.5 (medium): An issue was discovered in PJSIP in Asterisk before 16.19.1 and before 18.5.1. To exploit, a re-INVITE without SDP must be received after…
CVE-2019-15297 — CVSS 6.5 (medium): res_pjsip_t38 in Sangoma Asterisk 15.x before 15.7.4 and 16.x before 16.5.1 allows an attacker to trigger a crash by sending a declined…
CVE-2014-8417 — CVSS 6.5 (medium): ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 11.6 before 11.6-cert8 allows…
CVE-2014-4046 — CVSS 6.5 (medium): Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and Certified Asterisk 11.6 before 11.6-cert3 allows remote authenticated…
CVE-2021-26713 — CVSS 6.5 (medium): A stack-based buffer overflow in res_rtp_asterisk.c in Sangoma Asterisk before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and…
CVE-2006-1827 — CVSS 6.4 (medium): Integer signedness error in format_jpeg.c in Asterisk 1.2.6 and earlier allows remote attackers to execute arbitrary code via a length…
CVE-2012-4737 — CVSS 6.0 (medium): channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert7…
CVE-2011-0495 — CVSS 6.0 (medium): Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21…
CVE-2021-26906 — CVSS 5.9 (medium): An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through…
CVE-2017-17664 — CVSS 5.9 (medium): A Remote Crash issue was discovered in Asterisk Open Source 13.x before 13.18.4, 14.x before 14.7.4, and 15.x before 15.1.4 and Certified…
CVE-2016-2316 — CVSS 5.9 (medium): chan_sip in Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before…
CVE-2018-7287 — CVSS 5.9 (medium): An issue was discovered in res_http_websocket.c in Asterisk 15.x through 15.2.1. If the HTTP server is enabled (default is disabled)…
CVE-2017-16672 — CVSS 5.9 (medium): An issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13…
CVE-2016-9938 — CVSS 5.3 (medium): An issue was discovered in Asterisk Open Source 11.x before 11.25.1, 13.x before 13.13.1, and 14.x before 14.2.1 and Certified Asterisk…
CVE-2019-13161 — CVSS 5.3 (medium): An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x through 15.7.2, and 16.x through 16.4.0, and Certified…
CVE-2018-12227 — CVSS 5.3 (medium): An issue was discovered in Asterisk Open Source 13.x before 13.21.1, 14.x before 14.7.7, and 15.x before 15.4.1 and Certified Asterisk…
CVE-2011-2665 — CVSS 5.0 (medium): reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.4.3 allows remote attackers to cause a denial of…
CVE-2012-5976 — CVSS 5.0 (medium): Multiple stack consumption vulnerabilities in Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2…
CVE-2013-5641 — CVSS 5.0 (medium): The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.17.x through 1.8.22.x, 1.8.23.x before 1.8.23.1, and 11.x before…
CVE-2013-5642 — CVSS 5.0 (medium): The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.x before 1.8.23.1, 10.x before 10.12.3, and 11.x before 11.5.1…
CVE-2013-7100 — CVSS 5.0 (medium): Buffer overflow in the unpacksms16 function in apps/app_sms.c in Asterisk Open Source 1.8.x before 1.8.24.1, 10.x before 10.12.4, and 11.x…
CVE-2014-4047 — CVSS 5.0 (medium): Asterisk Open Source 1.8.x before 1.8.28.1, 11.x before 11.10.1, and 12.x before 12.3.1 and Certified Asterisk 1.8.15 before 1.8.15-cert6…
CVE-2014-8412 — CVSS 5.0 (medium): The (1) VoIP channel drivers, (2) DUNDi, and (3) Asterisk Manager Interface (AMI) in Asterisk Open Source 1.8.x before 1.8.32.1, 11.x…
CVE-2014-8414 — CVSS 5.0 (medium): ConfBridge in Asterisk 11.x before 11.14.1 and Certified Asterisk 11.6 before 11.6-cert8 does not properly handle state changes, which…
CVE-2014-8415 — CVSS 5.0 (medium): Race condition in the chan_pjsip channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 allows remote attackers…
CVE-2014-8416 — CVSS 5.0 (medium): Use-after-free vulnerability in the PJSIP channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1, when using the…
CVE-2009-2651 — CVSS 5.0 (medium): main/rtp.c in Asterisk Open Source 1.6.1 before 1.6.1.2 allows remote attackers to cause a denial of service (crash) via an RTP text frame…
CVE-2014-9374 — CVSS 5.0 (medium): Double free vulnerability in the WebSocket Server (res_http_websocket module) in Asterisk Open Source 11.x before 11.14.2, 12.x before…
CVE-2005-2081 — CVSS 5.0 (medium): Stack-based buffer overflow in the function that parses commands in Asterisk 1.0.7, when the 'write = command' option is enabled, allows…
CVE-2005-3559 — CVSS 5.0 (medium): Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 through 1.2.0-beta1 allows remote attackers to access WAV files via a…
CVE-2009-4055 — CVSS 5.0 (medium): rtp.c in Asterisk Open Source 1.2.x before 1.2.37, 1.4.x before 1.4.27.1, 1.6.0.x before 1.6.0.19, and 1.6.1.x before 1.6.1.11; Business…
CVE-2010-0685 — CVSS 5.0 (medium): The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x…
CVE-2011-1174 — CVSS 5.0 (medium): manager.c in Asterisk Open Source 1.6.1.x before 1.6.1.24, 1.6.2.x before 1.6.2.17.2, and 1.8.x before 1.8.3.2 allows remote attackers to…
CVE-2011-1175 — CVSS 5.0 (medium): tcptls.c in the TCP/TLS server in Asterisk Open Source 1.6.1.x before 1.6.1.23, 1.6.2.x before 1.6.2.17.1, and 1.8.x before 1.8.3.1 allows…
CVE-2011-1507 — CVSS 5.0 (medium): Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk…
CVE-2009-3727 — CVSS 5.0 (medium): Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, 1.6.0.x before 1.6.0.17, and 1.6.1.x before 1.6.1.9; Business Edition…
CVE-2011-2216 — CVSS 5.0 (medium): reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.4.2 does not initialize certain strings, which allows…
CVE-2011-2529 — CVSS 5.0 (medium): chan_sip.c in the SIP channel driver in Asterisk Open Source 1.6.x before 1.6.2.18.1 and 1.8.x before 1.8.4.3 does not properly handle '\0'…
CVE-2011-2535 — CVSS 5.0 (medium): chan_iax2.c in the IAX2 channel driver in Asterisk Open Source 1.4.x before 1.4.41.1, 1.6.2.x before 1.6.2.18.1, and 1.8.x before 1.8.4.3…
CVE-2011-2536 — CVSS 5.0 (medium): chan_sip.c in the SIP channel driver in Asterisk Open Source 1.4.x before 1.4.41.2, 1.6.2.x before 1.6.2.18.2, and 1.8.x before 1.8.4.4…
CVE-2011-2666 — CVSS 5.0 (medium): The default configuration of the SIP channel driver in Asterisk Open Source 1.4.x through 1.4.41.2 and 1.6.2.x through 1.6.2.18.2 does not…
CVE-2011-4597 — CVSS 5.0 (medium): The SIP over UDP implementation in Asterisk Open Source 1.4.x before 1.4.43, 1.6.x before 1.6.2.21, and 1.8.x before 1.8.7.2 uses different…
CVE-2023-49294 — CVSS 4.9 (medium): Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as…
CVE-2014-2288 — CVSS 4.3 (medium): The PJSIP channel driver in Asterisk Open Source 12.x before 12.1.1, when qualify_frequency "is enabled on an AOR and the remote SIP server…
CVE-2010-1224 — CVSS 4.3 (medium): main/acl.c in Asterisk Open Source 1.6.0.x before 1.6.0.25, 1.6.1.x before 1.6.1.17, and 1.6.2.x before 1.6.2.5 does not properly enforce…
CVE-2011-4598 — CVSS 4.3 (medium): The handle_request_info function in channels/chan_sip.c in Asterisk Open Source 1.6.2.x before 1.6.2.21 and 1.8.x before 1.8.7.2, when…
CVE-2012-1183 — CVSS 4.3 (medium): Stack-based buffer overflow in the milliwatt_generate function in the Miliwatt application in Asterisk 1.4.x before 1.4.44, 1.6.x before…
CVE-2014-4045 — CVSS 4.3 (medium): The Publish/Subscribe Framework in the PJSIP channel driver in Asterisk Open Source 12.x before 12.3.1, when sub_min_expiry is set to zero…
CVE-2015-3008 — CVSS 4.3 (medium): Asterisk Open Source 1.8 before 1.8.32.3, 11.x before 11.17.1, 12.x before 12.8.2, and 13.x before 13.3.2 and Certified Asterisk 1.8.28…
CVE-2012-5977 — CVSS 4.3 (medium): Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10…
CVE-2014-4048 — CVSS 4.3 (medium): The PJSIP Channel Driver in Asterisk Open Source before 12.3.1 allows remote attackers to cause a denial of service (deadlock) by…
CVE-2012-3863 — CVSS 4.0 (medium): channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Asterisk Business Edition C.3.x before C.3.7.5…
CVE-2014-6609 — CVSS 4.0 (medium): The res_pjsip_pubsub module in Asterisk Open Source 12.x before 12.5.1 allows remote authenticated users to cause a denial of service…
CVE-2012-3553 — CVSS 4.0 (medium): chan_skinny.c in the Skinny (aka SCCP) channel driver in Asterisk Open Source 10.x before 10.5.1 allows remote authenticated users to cause…
CVE-2012-3812 — CVSS 4.0 (medium): Double free vulnerability in apps/app_voicemail.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Certified Asterisk…
CVE-2014-6610 — CVSS 4.0 (medium): Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and Certified Asterisk 11.6 before 11.6-cert6, when using the…
CVE-2014-2289 — CVSS 3.5 (low): res/res_pjsip_exten_state.c in the PJSIP channel driver in Asterisk Open Source 12.x before 12.1.0 allows remote authenticated users to…
CVE-2014-2287 — CVSS 3.5 (low): channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk…
CVE-2009-0871 — CVSS 3.5 (low): The SIP channel driver in Asterisk Open Source 1.4.22, 1.4.23, and 1.4.23.1; 1.6.0 before 1.6.0.6; 1.6.1 before 1.6.1.0-rc2; and Asterisk…
CVE-2015-1558 — CVSS 3.5 (low): Asterisk Open Source 12.x before 12.8.1 and 13.x before 13.1.1, when using the PJSIP channel driver, does not properly reclaim RTP ports…
CVE-2012-2947 — CVSS 2.6 (low): chan_iax2.c in the IAX2 channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1…