CNNVD-202508-3325 Information
CNNVD ID
CNNVD-202508-3325
Related CVE
- CNNVD Published: 2025-08-28
Description
Asterisk is open-source PBX software from the Asterisk project. It runs on Linux and supports IP calls over the SIP, IAX and H323 protocols. Asterisk versions prior to 18.26.4 and 18.9-cert17 contain a security vulnerability caused by missing session termination, which may lead to leakage of RTP UDP ports and internal resources.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Astium
Published
2025-08-28
Last Modified
2026-02-24
References
https://github.com/asterisk/asterisk/security/advisories/GHSA-557q-795j-wfx2
https://github.com/asterisk/asterisk/pull/1406
https://github.com/asterisk/asterisk/pull/1405
https://github.com/asterisk/asterisk/commit/eafcd7a451dcd007dddf324ac37dd55a4808338d
https://github.com/asterisk/asterisk/commit/0278f5bde14565c6838a6ec39bc21aee0cde56a9
https://vigilance.fr/vulnerability/Asterisk-Open-Source-denial-of-service-via-RTP-UDP-Ports-48089
https://nvd.nist.gov/vuln/detail/CVE-2025-54995
Patch
https://www.asterisk.org/downloads/