Asterisk Security Vulnerabilities and Issues — Asterisk CVE List

Lucene search

DigiumAsterisk

3 matches found

CVE•added 2022/04/15 5:15 a.m.•150 views

CVE-2022-26651

An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The func_odbc module provides possibly inadequate escaping functionality for backslash characters in SQL queries, resulting in user-provided data creating a broken SQL query or possibly a SQL injection. Thi...

9.8CVSS9.7AI score0.00159EPSS

CVE•added 2022/04/15 5:15 a.m.•102 views

CVE-2022-26499

An SSRF issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it's possible to send arbitrary requests (such as GET) to interfaces such as localhost by using the Identity header. This is fixed in 16.25.2, 18.11.2, and 19.3.2.

9.1CVSS8.8AI score0.00195EPSS

CVE•added 2022/04/15 5:15 a.m.•96 views

CVE-2022-26498

An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download files that are not certificates. These files could be much larger than what one would expect to download, leading to Resource Exhaustion. This is fixed in 16.25.2, 18.11.2, and 19.3.2.

7.5CVSS7.9AI score0.00131EPSS