CVE-2022-26498
CVE-2022-26498
An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download files that are not certificates. These files could be much larger than what one would expect to download, leading to Resource Exhaustion. This is fixed in 16.25.2, 18.11.2, and 19.3.2.
Produtos afetados
n/a · n/aQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
http://packetstormsecurity.com/files/166744/Asterisk-Project-Security-Advisory-AST-2022-001.htmlhttp://packetstormsecurity.com/files/172139/Shannon-Baseband-chatroom-SDP-Attribute-Memory-Corruption.htmlhttps://downloads.asterisk.org/pub/security/https://downloads.asterisk.org/pub/security/AST-2022-001.htmlhttps://lists.debian.org/debian-lts-announce/2022/11/msg00021.htmlhttps://www.debian.org/security/2022/dsa-5285