CVE-2026-23740

Опубликовано: 06 фев. 2026

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, when ast_coredumper writes its gdb init and output files to a directory that is world-writable (for example /tmp), an attacker with write permission(which is all users on a linux system) to that directory can cause root to execute arbitrary commands or overwrite arbitrary files by controlling the gdb init file and output paths. This issue has been patched in versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2.

Ссылки

https://github.com/asterisk/asterisk/security/advisories/GHSA-xpc6-x892-v83c
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sangoma:certified_asterisk:13.13.0:-:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc1:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc2:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc3:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc4:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert2:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert3:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc1:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc2:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:16.8:cert1-rc1:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:16.8:cert1-rc2:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:16.8:cert1-rc3:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:16.8:cert1-rc4:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:16.8:cert1-rc5:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:16.8:cert10:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:16.8:cert11:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:16.8:cert12:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:16.8:cert13:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:16.8:cert14:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:16.8:cert4-rc1:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:16.8:cert4-rc2:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:16.8:cert4-rc3:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:16.8:cert4-rc4:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:16.8.0:-:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert1:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert10:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert11:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert12:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert2:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert3:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert4:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert5:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert6:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert7:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert8:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert9:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:18.9:-:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:18.9:cert1:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:18.9:cert1-rc1:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:18.9:cert10:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:18.9:cert11:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:18.9:cert12:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:18.9:cert13:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:18.9:cert14:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:18.9:cert15:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:18.9:cert16:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:18.9:cert2:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:18.9:cert3:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:18.9:cert4:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:18.9:cert5:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:18.9:cert6:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:18.9:cert7:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:18.9:cert8:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:18.9:cert8-rc1:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:18.9:cert8-rc2:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:18.9:cert9:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:20.7:cert1:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:20.7:cert1-rc1:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:20.7:cert1-rc2:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:20.7:cert2:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:20.7:cert3:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:20.7:cert4:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:20.7:cert5:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:20.7:cert6:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:20.7:cert7:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*

Версия до 20.18.2 (исключая)

cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*

Версия от 21.0.0 (включая) до 21.12.1 (исключая)

cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*

Версия от 22.0.0 (включая) до 22.8.2 (исключая)

cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*

Версия от 23.0.0 (включая) до 23.2.2 (исключая)

EPSS

Процентиль: 5%

0.00019

Низкий

7.8 High

CVSS3

Дефекты

CWE-427

Связанные уязвимости

CVE-2026-23740

ubuntu

около 2 месяцев назад

CVE-2026-23740

CVSS3: 7.8

redhat

около 2 месяцев назад

CVE-2026-23740

debian

около 2 месяцев назад

Asterisk is an open source private branch exchange and telephony toolk ...

EPSS

Процентиль: 5%

0.00019

Низкий

7.8 High

CVSS3

Дефекты

CWE-427