Security Advisories

Stay up to date with the latest security advisories for the
Asterisk Project.

AST-2022-001: res_stir_shaken – Resource exhaustion with large files

April 14, 2022

https://downloads.asterisk.org/pub/security/AST-2022-001.html

https://issues.asterisk.org/jira/browse/ASTERISK-29872

AST-20220-002: res_stir_shaken: Blind SSRF vulnerabilities

April 14, 2022

https://downloads.asterisk.org/pub/security/AST-2022-002.html

https://issues.asterisk.org/jira/browse/ASTERISK-29476

AST-20220-003: ${SQL_ESC()} not correctly escaping a terminating \

April 14, 2022

https://downloads.asterisk.org/pub/security/AST-2022-003.html

https://issues.asterisk.org/jira/browse/ASTERISK-29838

AST-2022-006: pjproject – unconstrained malformed multipart SIP

March 4, 2022

https://downloads.digium.com/pub/security/AST-2022-006.html

AST-2022-005: pjproject – undefined behavior after freeing a dialog

March 4, 2022

https://downloads.digium.com/pub/security/AST-2022-005.html