CVE-2022-26498
N/A
N/A
Summary
An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download files that are not certificates. These files could be much larger than what one would expect to download, leading to Resource Exhaustion. This is fixed in 16.25.2, 18.11.2, and 19.3.2.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://downloads.asterisk.org/pub/security/
- https://downloads.asterisk.org/pub/security/AST-2022-001.html
- http://packetstormsecurity.com/files/166744/Asterisk-Project-Security-Advisory-AST-2022-001.html
- https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html
- https://www.debian.org/security/2022/dsa-5285
- http://packetstormsecurity.com/files/172139/Shannon-Baseband-chatroom-SDP-Attribute-Memory-Corruption.html
References
- https://downloads.asterisk.org/pub/security/
- https://downloads.asterisk.org/pub/security/AST-2022-001.html
- http://packetstormsecurity.com/files/166744/Asterisk-Project-Security-Advisory-AST-2022-001.html
- https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html
- https://www.debian.org/security/2022/dsa-5285
- http://packetstormsecurity.com/files/172139/Shannon-Baseband-chatroom-SDP-Attribute-Memory-Corruption.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.