Security Advisories

Stay up to date with the latest security advisories for the
Asterisk Project.

AST-2022-009: GetConfig AMI Action can read files outside of Asterisk directory

December 1, 2022

http://downloads.asterisk.org/pub/security/AST-2022-009.html

http://issues.asterisk.org/jira/browse/ASTERISK-30176

AST-2022-008: Use after free in res_pjsip_pubsub.c

December 1, 2022

https://downloads.asterisk.org/pub/security/AST-2022-008.html

https://issues.asterisk.org/jira/browse/ASTERISK-30244

AST-2022-007: Remote Crash Vulnerability in H323 channel add on

December 1, 2022

https://downloads.asterisk.org/pub/security/AST-2022-007.html

https://issues.asterisk.org/jira/browse/ASTERISK-30103

AST-2022-001: res_stir_shaken – Resource exhaustion with large files

April 14, 2022

https://downloads.asterisk.org/pub/security/AST-2022-001.html

https://issues.asterisk.org/jira/browse/ASTERISK-29872

AST-20220-002: res_stir_shaken: Blind SSRF vulnerabilities

April 14, 2022

https://downloads.asterisk.org/pub/security/AST-2022-002.html

https://issues.asterisk.org/jira/browse/ASTERISK-29476