4 matches found
CVE-2026-23740
A flaw was found in Asterisk. When the astcoredumper writes its gdb init and output files to a world-writable directory, a local attacker with write permissions to that directory can exploit this vulnerability. By manipulating the gdb init file and output paths, the attacker can cause the system ...
CVE-2026-23740
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, when astcoredumper writes its gdb init and output files to a directory that is world-writable for example /tmp, an attacker with write permissionwhich is a...
CVE-2026-23740 Asterisk vulnerable to potential privilege escalation
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, when astcoredumper writes its gdb init and output files to a directory that is world-writable for example /tmp, an attacker with write permissionwhich is a...
CVE-2026-23740
Asterisk contains a local privilege escalation flaw: if ast_coredumper writes gdb init/output to a world-writable directory (e.g., /tmp), a local attacker with write access to that directory can cause arbitrary commands to execute as root or overwrite files by manipulating the gdb init and output...