Security Advisories

Stay up to date with the latest security advisories for the
Asterisk Project.

Out-of-Bounds Read in Q.931 Information Element Parser (H.323 Addon): (GHSA-746q-794h-cc7f)

June 25, 2026

Heap-use-after-free in Asterisk PJSIP TCP/SDP handling when TCP connection closes during SDP processing: (GHSA-g8q2-p36q-94f6)

June 25, 2026

ARI REST-over-WebSocket read-only bypass allows arbitrary module path load and conditional RCE: (GHSA-wcvv-g26m-wx5c)

June 25, 2026

chan_unistim DIALPAGE digit handling can overflow phone_number and crash Asterisk: (GHSA-3g56-cgrh-95p5)

June 25, 2026

CVE-2022-37325 fix is absent from current chan_ooh323 Q.931 party-number parser: (GHSA-h5hv-jmgj-92q2)

June 25, 2026

What can we help you find?