Asterisk xml.c uses unsafe XML_PARSE_NOENT leading to potential XXE Injection: (GHSA-85x7-54wr-vh42)
The Asterisk embedded web server’s /httpstatus page echoes user-supplied values (cookie and query string) without sanitization: (GHSA-v6hp-wh3r-cwxh)
ast_coredumper runs as root and writes gdb init file to a world-writable folder, leading to potential privilege escalation: (GHSA-xpc6-x892-v83c)
ast_coredumper running as root sources ast_debug_tools.conf from /etc/asterisk, potentially leading to privilege escalation: (GHSA-rvch-3jmx-3jf3)
A specifically malformed Authorization header in an incoming SIP request can cause Asterisk to crash: (GHSA-64qc-9x89-rx5j)