Lucene search

K

GoogleOSV:CVE-2022-26498

HistoryApr 15, 2022 - 5:15 a.m.

CVE-2022-26498

2022-04-1505:15:06

Google

osv.dev

29

asterisk

stir/shaken

download

resource exhaustion

fix

16.25.2

18.11.2

19.3.2

EPSS

0.041

Percentile

92.2%

An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download files that are not certificates. These files could be much larger than what one would expect to download, leading to Resource Exhaustion. This is fixed in 16.25.2, 18.11.2, and 19.3.2.

References

packetstormsecurity.com/files/166744/Asterisk-Project-Security-Advisory-AST-2022-001.html

packetstormsecurity.com/files/172139/Shannon-Baseband-chatroom-SDP-Attribute-Memory-Corruption.html

downloads.asterisk.org/pub/security/

downloads.asterisk.org/pub/security/AST-2022-001.html

lists.debian.org/debian-lts-announce/2022/11/msg00021.html

www.debian.org/security/2022/dsa-5285

EPSS

0.041

Percentile

92.2%

Related for OSV:CVE-2022-26498

cvelist1 alpinelinux1 ubuntucve1 prion1 veracode1 cve1 nvd1 debiancve1 nessus3 openvas3 freebsd1 osv2 debian2