Security Advisories

Stay up to date with the latest security advisories for the
Asterisk Project.

A malformed Contact or Record-Route URI in an incoming SIP request can cause Asterisk to crash when res_resolver_unbound is used (GHSA-v428-g3cw-7hv9)

September 5, 2024

Write=originate, is sufficient permissions for code execution / System() dialplan (GHSA-c4cg-9275-6w44)

August 8, 2024

res_pjsip_endpoint_identifier_ip: wrongly matches ALL unauthorized SIP requests (GHSA-qqxj-v78h-hrf9)

May 17, 2024

PJSIP_HEADER dialplan function can overwrite memory/cause crash when using ‘update’ (GHSA-98rc-4j27-74hh)

December 20, 2023

PJSIP logging allows attacker to inject fake Asterisk log entries (GHSA-5743-x3p5-3rg7)

December 20, 2023

What can we help you find?