Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2022-26498

Опубликовано: 15 апр. 2022
Источник: nvd
CVSS3: 7.5
CVSS2: 5
EPSS Низкий

Описание

An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download files that are not certificates. These files could be much larger than what one would expect to download, leading to Resource Exhaustion. This is fixed in 16.25.2, 18.11.2, and 19.3.2.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*
Версия от 16.15.0 (включая) до 16.25.1 (включая)
cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*
Версия от 18.0 (включая) до 18.11.2 (исключая)
cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*
Версия от 19.0.0 (включая) до 19.3.1 (включая)
Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

EPSS

Процентиль: 43%
0.00206
Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-400

Связанные уязвимости

ubuntu логотип

CVE-2022-26498

CVSS3: 7.5
ubuntu
почти 4 года назад

An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download files that are not certificates. These files could be much larger than what one would expect to download, leading to Resource Exhaustion. This is fixed in 16.25.2, 18.11.2, and 19.3.2.

debian логотип

CVE-2022-26498

CVSS3: 7.5
debian
почти 4 года назад

An issue was discovered in Asterisk through 19.x. When using STIR/SHAK ...

github логотип

GHSA-x4hp-q863-hc8m

CVSS3: 7.5
github
почти 4 года назад

An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download files that are not certificates. These files could be much larger than what one would expect to download, leading to Resource Exhaustion. This is fixed in 16.25.2, 18.11.2, and 19.3.2.

EPSS

Процентиль: 43%
0.00206
Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-400