Security Advisories

Stay up to date with the latest security advisories for the
Asterisk Project.

Home > Downloads > Security Advisories

AST-2015-003: TLS Certificate Common Name NULL Byte Exploit

April 8, 2015

https://downloads.asterisk.org/pub/security/AST-2015-003.pdf

AST-2015-002: Mitigation for libcURL HTTP request injection vulnerability

January 28, 2015

https://downloads.asterisk.org/pub/security/AST-2015-002.pdf

AST-2015-001: File descriptor leak when incompatible codecs are offered

January 28, 2015

https://downloads.asterisk.org/pub/security/AST-2015-001.pdf

AST-2014-019: Remote Crash Vulnerability in WebSocket Server

December 10, 2014

https://downloads.asterisk.org/pub/security/AST-2014-019.pdf

AST-2014-018: AMI permission escalation through DB dialplan function

November 20, 2014

https://downloads.asterisk.org/pub/security/AST-2014-018.pdf