Lucene search

K

MitreCVELIST:CVE-2022-26498

HistoryApr 15, 2022 - 12:00 a.m.

CVE-2022-26498

2022-04-1500:00:00

mitre

www.cve.org

6

asterisk

stir/shaken

unauthorized downloads

resource exhaustion

fix

AI Score

8.3

Confidence

High

EPSS

0.041

Percentile

92.2%

An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download files that are not certificates. These files could be much larger than what one would expect to download, leading to Resource Exhaustion. This is fixed in 16.25.2, 18.11.2, and 19.3.2.

References

packetstormsecurity.com/files/166744/Asterisk-Project-Security-Advisory-AST-2022-001.html

packetstormsecurity.com/files/172139/Shannon-Baseband-chatroom-SDP-Attribute-Memory-Corruption.html

downloads.asterisk.org/pub/security/

downloads.asterisk.org/pub/security/AST-2022-001.html

lists.debian.org/debian-lts-announce/2022/11/msg00021.html

www.debian.org/security/2022/dsa-5285

AI Score

8.3

Confidence

High

EPSS

0.041

Percentile

92.2%

Related for CVELIST:CVE-2022-26498

osv3 alpinelinux1 prion1 ubuntucve1 veracode1 cve1 nvd1 debiancve1 nessus3 openvas3 freebsd1 debian2