Security Advisories

Stay up to date with the latest security advisories for the
Asterisk Project.

cli_permissions.conf: deny option does not work for disallowing shell commands : (GHSA-c7p6-7mvq-8jq2)

May 22, 2025

https://github.com/asterisk/asterisk/security/advisories/GHSA-c7p6-7mvq-8jq2

Using malformed From header can forge identity with “;” or NULL in name portion : (GHSA-2grh-7mhv-fcfw)

May 22, 2025

https://github.com/asterisk/asterisk/security/advisories/GHSA-2grh-7mhv-fcfw

Path traversal via AMI ListCategories allows access to outside files: (GHSA-33×6-fj46-6rfh)

January 9, 2025

https://github.com/asterisk/asterisk/security/advisories/GHSA-33x6-fj46-6rfh

A malformed Contact or Record-Route URI in an incoming SIP request can cause Asterisk to crash when res_resolver_unbound is used (GHSA-v428-g3cw-7hv9)

September 5, 2024

https://github.com/asterisk/asterisk/security/advisories/GHSA-v428-g3cw-7hv9

Write=originate, is sufficient permissions for code execution / System() dialplan (GHSA-c4cg-9275-6w44)

August 8, 2024

https://github.com/asterisk/asterisk/security/advisories/GHSA-c4cg-9275-6w44