The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
The IAX2 protocol implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 18.104.22.168; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 22.214.171.124 allows remote attackers to cause a denial of service (call-number exhaustion and CPU consumption) by quickly sending a large number of IAX2 (IAX) POKE requests.
|38677||GLSA-200905-01 : Asterisk: Multiple vulnerabilities||Nessus||Gentoo Local Security Checks|
|33894||openSUSE 10 Security Update : asterisk (asterisk-5524)||Nessus||SuSE Local Security Checks|
|33576||Asterisk IAX2 (IAX) POKE Request Saturation Resource Exhaustion Remote DoS||Nessus||Denial of Service|
|33569||Fedora 8 : asterisk-126.96.36.199-1.fc8 (2008-6676)||Nessus||Fedora Local Security Checks|