PT-2022-17902 · Asterisk · Asterisk

Ben Ford

Published

2022-04-15

Updated

2023-05-04

CVE-2022-26498

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Asterisk versions prior to 16.25.2 Asterisk versions prior to 18.11.2 Asterisk versions prior to 19.3.2

Description An issue was discovered in Asterisk when using STIR/SHAKEN, allowing the download of files that are not certificates. These files could be much larger than expected, leading to Resource Exhaustion.

Recommendations For versions prior to 16.25.2, update to version 16.25.2 or later to resolve the issue. For versions prior to 18.11.2, update to version 18.11.2 or later to resolve the issue. For versions prior to 19.3.2, update to version 19.3.2 or later to resolve the issue.

Fix

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400

Related Identifiers

CVE-2022-26498

DLA-3194-1

DSA-5285-1

Affected Products

Asterisk

PT-2022-17902 · Asterisk · Asterisk

CVE-2022-26498

Weakness Enumeration

Related Identifiers

Affected Products

References · 23