CVE-2025-54995
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-54995
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-54995.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-54995
- Aliases
-
- GHSA-557q-795j-wfx2
- Downstream
- Published
- 2025-08-28T15:16:02Z
- Modified
- 2025-08-28T22:57:24.729331Z
- Summary
- [none]
- Details
-
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 18.26.4 and 18.9-cert17, RTP UDP ports and internal resources can leak due to a lack of session termination. This could result in leaks and resource exhaustion. This issue has been patched in versions 18.26.4 and 18.9-cert17.
- References
-
- https://github.com/asterisk/asterisk/security/advisories/GHSA-557q-795j-wfx2
- https://github.com/asterisk/asterisk/commit/0278f5bde14565c6838a6ec39bc21aee0cde56a9
- https://github.com/asterisk/asterisk/commit/eafcd7a451dcd007dddf324ac37dd55a4808338d
- https://github.com/asterisk/asterisk/pull/1405
- https://github.com/asterisk/asterisk/pull/1406
- https://security-tracker.debian.org/tracker/CVE-2025-54995
Affected packages
Debian:11 / asterisk
Package
- Name
- asterisk
- Purl
- pkg:deb/debian/asterisk?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1:16.*
1:16.16.1~dfsg-1
1:16.16.1~dfsg-1+deb11u1~bpo10+1
1:16.16.1~dfsg-1+deb11u1
1:16.16.1~dfsg-2
1:16.16.1~dfsg-3
1:16.16.1~dfsg-4
1:16.16.1~dfsg+~2.10-1
1:16.16.1~dfsg+~2.10-2
1:16.23.0~dfsg+~2.10-1
1:16.23.0~dfsg+~cs6.10.20220309-1
1:16.23.0~dfsg+~cs6.10.20220309-2
1:16.23.0~dfsg+~cs6.10.40431411-1
1:16.28.0~dfsg-0+deb11u1
1:16.28.0~dfsg-0+deb11u2
1:16.28.0~dfsg-0+deb11u3
1:16.28.0~dfsg-0+deb11u4
1:16.28.0~dfsg-0+deb11u5
1:16.28.0~dfsg-0+deb11u6
1:16.28.0~dfsg-0+deb11u7
1:18.*
1:18.9.0~dfsg+~cs6.10.40431411-1
1:18.10.0~dfsg+~cs6.10.40431411-1
1:18.10.0~dfsg+~cs6.10.40431411-2
1:18.10.1~dfsg+~cs6.10.40431411-1
1:18.11.1~dfsg+~cs6.10.40431413-1
1:18.11.2~dfsg+~cs6.10.40431413-1
1:18.12.0~dfsg+~cs6.12.40431413-1
1:18.14.0~~rc1~dfsg+~cs6.12.40431414-1
1:18.14.0~dfsg+~cs6.12.40431414-1
1:20.*
1:20.0.0~~rc1~dfsg+~cs6.12.40431414-1
1:20.0.0~~rc2~dfsg+~cs6.12.40431414-1
1:20.0.0~dfsg+~cs6.12.40431414-1
1:20.0.0~dfsg+~cs6.12.40431414-2
1:20.0.1~dfsg+~cs6.12.40431414-1
1:20.1.0~~rc2~dfsg+~cs6.12.40431414-1
1:20.1.0~dfsg+~cs6.12.40431414-1
1:20.2.1~dfsg+~cs6.13.40431413-1
1:20.3.0~dfsg+~cs6.13.40431413-1
1:20.4.0~dfsg+~cs6.13.40431414-1
1:20.4.0~dfsg+~cs6.13.40431414-2
1:20.5.0~dfsg+~cs6.13.40431414-1
1:20.5.1~dfsg+~cs6.13.40431414-1
1:20.5.2~dfsg+~cs6.13.40431414-1
1:20.6.0~dfsg+~cs6.13.40431414-1
1:20.6.0~dfsg+~cs6.13.40431414-2
1:20.8.1~dfsg+~cs6.14.40431414-1
1:20.9.3~dfsg+~cs6.14.60671435-1
1:22.*
1:22.0.0~~rc2~dfsg+~cs6.14.60671435-1
1:22.0.0~dfsg+~cs6.14.60671435-1
1:22.1.0~dfsg+~cs6.14.60671435-1
1:22.1.1~dfsg+~cs6.14.60671435-1
1:22.2.0~dfsg+~cs6.15.60671435-1
1:22.2.0~dfsg+~cs6.15.60671435-2
1:22.3.0~~rc1~dfsg+~cs6.15.60671435-1
1:22.3.0~dfsg+~cs6.15.60671435-1
1:22.4.1~dfsg+~cs6.15.60671435-1
1:22.4.1~dfsg+~cs6.15.60671435-2
1:22.5.1~dfsg+~cs6.15.60671435-1