Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Digium Subscribe
Filtered by product Open Source
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-9359 1 Digium 2 Certified Asterisk, Open Source 2017-11-04 5.0 MEDIUM 7.5 HIGH
The multi-part body parser in PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.
CVE-2017-9372 1 Digium 2 Certified Asterisk, Open Source 2017-11-04 5.0 MEDIUM 7.5 HIGH
PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (buffer overflow and application crash) via a SIP packet with a crafted CSeq header in conjunction with a Via header that lacks a branch parameter.