An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download files that are not certificates. These files could be much larger than what one would expect to download, leading to Resource Exhaustion. This is fixed in 16.25.2, 18.11.2, and 19.3.2.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/166744/Asterisk-Project-Security-Advisory-AST-2022-001.html | Patch Third Party Advisory VDB Entry |
http://packetstormsecurity.com/files/172139/Shannon-Baseband-chatroom-SDP-Attribute-Memory-Corruption.html | |
https://downloads.asterisk.org/pub/security/ | Vendor Advisory |
https://downloads.asterisk.org/pub/security/AST-2022-001.html | Patch Vendor Advisory |
https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html | Mailing List Third Party Advisory |
https://www.debian.org/security/2022/dsa-5285 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-04-15T00:00:00
Updated: 2023-05-04T00:00:00
Reserved: 2022-03-06T00:00:00
Link: CVE-2022-26498
JSON object: View
NVD Information
Status : Modified
Published: 2022-04-15T05:15:06.597
Modified: 2023-05-04T17:15:12.307
Link: CVE-2022-26498
JSON object: View
Redhat Information
No data.
CWE