Security Advisories

Stay up to date with the latest security advisories for the
Asterisk Project.

Path traversal via AMI ListCategories allows access to outside files: (GHSA-33×6-fj46-6rfh)

January 9, 2025

A malformed Contact or Record-Route URI in an incoming SIP request can cause Asterisk to crash when res_resolver_unbound is used (GHSA-v428-g3cw-7hv9)

September 5, 2024

Write=originate, is sufficient permissions for code execution / System() dialplan (GHSA-c4cg-9275-6w44)

August 8, 2024

res_pjsip_endpoint_identifier_ip: wrongly matches ALL unauthorized SIP requests (GHSA-qqxj-v78h-hrf9)

May 17, 2024

PJSIP_HEADER dialplan function can overwrite memory/cause crash when using ‘update’ (GHSA-98rc-4j27-74hh)

December 20, 2023

What can we help you find?