CVE-2022-26498

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-26498
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-26498.json
Published
2022-04-15T05:15:06Z
Modified
2023-11-29T09:32:41.958875Z
Details

An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download files that are not certificates. These files could be much larger than what one would expect to download, leading to Resource Exhaustion. This is fixed in 16.25.2, 18.11.2, and 19.3.2.

References

Affected packages

Alpine:v3.16 / asterisk

Package

Name
asterisk

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (The exact introduced commit is unknown)
Fixed
18.11.2-r0

Affected versions

1.*

1.6.0.9-r0
1.6.0.9-r1
1.6.0.9-r2
1.6.0.9-r3
1.6.0.9-r4
1.6.0.10-r0
1.6.0.10-r1
1.6.0.10-r2
1.6.0.13-r0
1.6.0.14-r0
1.6.0.14-r1
1.6.0.15-r0
1.6.0.15-r1
1.6.0.15-r2
1.6.0.18-r1
1.6.0.19-r0
1.6.0.19-r1
1.6.0.20-r0
1.6.0.20-r1
1.6.2.1-r0
1.6.2.1-r1
1.6.2.6-r0
1.6.2.6-r1
1.6.2.6-r2
1.6.2.7-r0
1.6.2.7-r1
1.6.2.8-r0
1.6.2.9-r0
1.6.2.10-r0
1.6.2.11-r0
1.6.2.13-r0
1.6.2.13-r1
1.8.0-r0
1.8.0-r1
1.8.1-r0
1.8.1.1-r0
1.8.2.1-r0
1.8.2.2-r0
1.8.2.4-r0
1.8.3-r0
1.8.3.2-r0
1.8.3.2-r1
1.8.3.3-r0
1.8.4-r0
1.8.4.1-r0
1.8.4.2-r0
1.8.4.4-r0
1.8.5.0-r0
1.8.6.0-r0
1.8.7.0-r0
1.8.7.1-r0
1.8.8.0_rc3-r0
1.8.8.0_rc4-r0
1.8.8.0_rc5-r0

10.*

10.0.0-r0
10.0.0-r1
10.0.0-r2
10.0.0-r3
10.0.0-r4
10.0.0-r5
10.0.1-r0
10.0.1-r1
10.1.0-r0
10.1.0-r1
10.1.0-r2
10.1.1-r0
10.1.2-r0
10.1.2-r1
10.1.2-r2
10.1.3-r0
10.2.0-r0
10.2.1-r0
10.3.0-r0
10.3.1-r0
10.4.0-r0
10.4.1-r0
10.4.1-r1
10.4.2-r0
10.4.2-r1
10.5.0-r0
10.5.1-r0
10.5.2-r0
10.6.0-r0
10.6.1-r0
10.7.0-r0
10.7.1-r0
10.7.1-r1
10.7.1-r3
10.8.0-r0
10.8.0-r1
10.9.0-r0

11.*

11.0.0-r2
11.0.1-r0
11.0.2-r0
11.1.0-r0
11.1.2-r0
11.2.0-r0
11.2.1-r0
11.2.2-r0
11.3.0-r0
11.4.0-r0
11.4.0-r1
11.4.0-r2
11.5.0-r0
11.5.0-r1
11.5.0-r2
11.5.1-r0
11.5.1-r1
11.5.1-r2
11.5.1-r3
11.6.0-r0
11.6.1-r0
11.7.0-r0
11.7.0-r1

12.*

12.1.0-r0
12.1.1-r0
12.2.0-r0
12.2.0-r1
12.3.0-r0
12.3.1-r0
12.3.2-r0
12.4.0-r0
12.4.0-r1
12.4.0-r2
12.4.0-r3
12.4.0-r4
12.4.0-r5
12.4.0-r6
12.4.0-r7
12.5.0-r0
12.5.1-r0
12.6.0-r0

13.*

13.0.0-r0
13.0.1-r0
13.0.2-r0
13.1.0-r0
13.1.0-r1
13.1.1-r0
13.2.0-r0
13.3.1-r0
13.3.2-r0
13.3.2-r1
13.4.0-r0
13.5.0-r0
13.6.0-r0
13.6.0-r1
13.7.0-r0
13.7.2-r0
13.7.2-r1
13.9.1-r0
13.11.1-r0

14.*

14.0.2-r0
14.1.0-r0
14.1.1-r0
14.1.2-r0
14.1.2-r1
14.2.0-r0
14.2.1-r0
14.2.1-r1
14.2.1-r2
14.3.0-r0
14.3.1-r0
14.4.0-r0
14.4.0-r1
14.4.0-r2
14.4.1-r0
14.5.0-r0
14.6.0-r0
14.6.0-r1
14.6.1-r0
14.6.2-r0

15.*

15.1.0-r0
15.1.1-r0
15.1.1-r1
15.1.2-r0
15.1.3-r0
15.1.4-r0
15.1.5-r0
15.1.5-r1
15.2.0-r0
15.2.2-r0
15.3.0-r0
15.3.0-r1
15.3.0-r2
15.5.0-r0
15.5.0-r1
15.6.0-r0
15.6.1-r0
15.6.1-r1
15.7.1-r0

16.*

16.3.0-r0
16.4.1-r0
16.5.1-r0
16.6.2-r0
16.7.0-r0
16.11.0-r0
16.12.0-r0
16.12.0-r1

17.*

17.7.0-r0

18.*

18.0.0-r0
18.0.0-r1
18.0.0-r2
18.1.0-r0
18.1.1-r0
18.2.1-r0
18.2.1-r1
18.2.2-r0
18.2.2-r1
18.2.2-r2
18.2.2-r3
18.2.2-r4
18.2.2-r5

Alpine:v3.17 / asterisk

Package

Name
asterisk

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (The exact introduced commit is unknown)
Fixed
18.11.2-r0

Affected versions

1.*

1.6.0.9-r0
1.6.0.9-r1
1.6.0.9-r2
1.6.0.9-r3
1.6.0.9-r4
1.6.0.10-r0
1.6.0.10-r1
1.6.0.10-r2
1.6.0.13-r0
1.6.0.14-r0
1.6.0.14-r1
1.6.0.15-r0
1.6.0.15-r1
1.6.0.15-r2
1.6.0.18-r1
1.6.0.19-r0
1.6.0.19-r1
1.6.0.20-r0
1.6.0.20-r1
1.6.2.1-r0
1.6.2.1-r1
1.6.2.6-r0
1.6.2.6-r1
1.6.2.6-r2
1.6.2.7-r0
1.6.2.7-r1
1.6.2.8-r0
1.6.2.9-r0
1.6.2.10-r0
1.6.2.11-r0
1.6.2.13-r0
1.6.2.13-r1
1.8.0-r0
1.8.0-r1
1.8.1-r0
1.8.1.1-r0
1.8.2.1-r0
1.8.2.2-r0
1.8.2.4-r0
1.8.3-r0
1.8.3.2-r0
1.8.3.2-r1
1.8.3.3-r0
1.8.4-r0
1.8.4.1-r0
1.8.4.2-r0
1.8.4.4-r0
1.8.5.0-r0
1.8.6.0-r0
1.8.7.0-r0
1.8.7.1-r0
1.8.8.0_rc3-r0
1.8.8.0_rc4-r0
1.8.8.0_rc5-r0

10.*

10.0.0-r0
10.0.0-r1
10.0.0-r2
10.0.0-r3
10.0.0-r4
10.0.0-r5
10.0.1-r0
10.0.1-r1
10.1.0-r0
10.1.0-r1
10.1.0-r2
10.1.1-r0
10.1.2-r0
10.1.2-r1
10.1.2-r2
10.1.3-r0
10.2.0-r0
10.2.1-r0
10.3.0-r0
10.3.1-r0
10.4.0-r0
10.4.1-r0
10.4.1-r1
10.4.2-r0
10.4.2-r1
10.5.0-r0
10.5.1-r0
10.5.2-r0
10.6.0-r0
10.6.1-r0
10.7.0-r0
10.7.1-r0
10.7.1-r1
10.7.1-r3
10.8.0-r0
10.8.0-r1
10.9.0-r0

11.*

11.0.0-r2
11.0.1-r0
11.0.2-r0
11.1.0-r0
11.1.2-r0
11.2.0-r0
11.2.1-r0
11.2.2-r0
11.3.0-r0
11.4.0-r0
11.4.0-r1
11.4.0-r2
11.5.0-r0
11.5.0-r1
11.5.0-r2
11.5.1-r0
11.5.1-r1
11.5.1-r2
11.5.1-r3
11.6.0-r0
11.6.1-r0
11.7.0-r0
11.7.0-r1

12.*

12.1.0-r0
12.1.1-r0
12.2.0-r0
12.2.0-r1
12.3.0-r0
12.3.1-r0
12.3.2-r0
12.4.0-r0
12.4.0-r1
12.4.0-r2
12.4.0-r3
12.4.0-r4
12.4.0-r5
12.4.0-r6
12.4.0-r7
12.5.0-r0
12.5.1-r0
12.6.0-r0

13.*

13.0.0-r0
13.0.1-r0
13.0.2-r0
13.1.0-r0
13.1.0-r1
13.1.1-r0
13.2.0-r0
13.3.1-r0
13.3.2-r0
13.3.2-r1
13.4.0-r0
13.5.0-r0
13.6.0-r0
13.6.0-r1
13.7.0-r0
13.7.2-r0
13.7.2-r1
13.9.1-r0
13.11.1-r0

14.*

14.0.2-r0
14.1.0-r0
14.1.1-r0
14.1.2-r0
14.1.2-r1
14.2.0-r0
14.2.1-r0
14.2.1-r1
14.2.1-r2
14.3.0-r0
14.3.1-r0
14.4.0-r0
14.4.0-r1
14.4.0-r2
14.4.1-r0
14.5.0-r0
14.6.0-r0
14.6.0-r1
14.6.1-r0
14.6.2-r0

15.*

15.1.0-r0
15.1.1-r0
15.1.1-r1
15.1.2-r0
15.1.3-r0
15.1.4-r0
15.1.5-r0
15.1.5-r1
15.2.0-r0
15.2.2-r0
15.3.0-r0
15.3.0-r1
15.3.0-r2
15.5.0-r0
15.5.0-r1
15.6.0-r0
15.6.1-r0
15.6.1-r1
15.7.1-r0

16.*

16.3.0-r0
16.4.1-r0
16.5.1-r0
16.6.2-r0
16.7.0-r0
16.11.0-r0
16.12.0-r0
16.12.0-r1

17.*

17.7.0-r0

18.*

18.0.0-r0
18.0.0-r1
18.0.0-r2
18.1.0-r0
18.1.1-r0
18.2.1-r0
18.2.1-r1
18.2.2-r0
18.2.2-r1
18.2.2-r2
18.2.2-r3
18.2.2-r4
18.2.2-r5

Alpine:v3.18 / asterisk

Package

Name
asterisk

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (The exact introduced commit is unknown)
Fixed
18.11.2-r0

Affected versions

1.*

1.6.0.9-r0
1.6.0.9-r1
1.6.0.9-r2
1.6.0.9-r3
1.6.0.9-r4
1.6.0.10-r0
1.6.0.10-r1
1.6.0.10-r2
1.6.0.13-r0
1.6.0.14-r0
1.6.0.14-r1
1.6.0.15-r0
1.6.0.15-r1
1.6.0.15-r2
1.6.0.18-r1
1.6.0.19-r0
1.6.0.19-r1
1.6.0.20-r0
1.6.0.20-r1
1.6.2.1-r0
1.6.2.1-r1
1.6.2.6-r0
1.6.2.6-r1
1.6.2.6-r2
1.6.2.7-r0
1.6.2.7-r1
1.6.2.8-r0
1.6.2.9-r0
1.6.2.10-r0
1.6.2.11-r0
1.6.2.13-r0
1.6.2.13-r1
1.8.0-r0
1.8.0-r1
1.8.1-r0
1.8.1.1-r0
1.8.2.1-r0
1.8.2.2-r0
1.8.2.4-r0
1.8.3-r0
1.8.3.2-r0
1.8.3.2-r1
1.8.3.3-r0
1.8.4-r0
1.8.4.1-r0
1.8.4.2-r0
1.8.4.4-r0
1.8.5.0-r0
1.8.6.0-r0
1.8.7.0-r0
1.8.7.1-r0
1.8.8.0_rc3-r0
1.8.8.0_rc4-r0
1.8.8.0_rc5-r0

10.*

10.0.0-r0
10.0.0-r1
10.0.0-r2
10.0.0-r3
10.0.0-r4
10.0.0-r5
10.0.1-r0
10.0.1-r1
10.1.0-r0
10.1.0-r1
10.1.0-r2
10.1.1-r0
10.1.2-r0
10.1.2-r1
10.1.2-r2
10.1.3-r0
10.2.0-r0
10.2.1-r0
10.3.0-r0
10.3.1-r0
10.4.0-r0
10.4.1-r0
10.4.1-r1
10.4.2-r0
10.4.2-r1
10.5.0-r0
10.5.1-r0
10.5.2-r0
10.6.0-r0
10.6.1-r0
10.7.0-r0
10.7.1-r0
10.7.1-r1
10.7.1-r3
10.8.0-r0
10.8.0-r1
10.9.0-r0

11.*

11.0.0-r2
11.0.1-r0
11.0.2-r0
11.1.0-r0
11.1.2-r0
11.2.0-r0
11.2.1-r0
11.2.2-r0
11.3.0-r0
11.4.0-r0
11.4.0-r1
11.4.0-r2
11.5.0-r0
11.5.0-r1
11.5.0-r2
11.5.1-r0
11.5.1-r1
11.5.1-r2
11.5.1-r3
11.6.0-r0
11.6.1-r0
11.7.0-r0
11.7.0-r1

12.*

12.1.0-r0
12.1.1-r0
12.2.0-r0
12.2.0-r1
12.3.0-r0
12.3.1-r0
12.3.2-r0
12.4.0-r0
12.4.0-r1
12.4.0-r2
12.4.0-r3
12.4.0-r4
12.4.0-r5
12.4.0-r6
12.4.0-r7
12.5.0-r0
12.5.1-r0
12.6.0-r0

13.*

13.0.0-r0
13.0.1-r0
13.0.2-r0
13.1.0-r0
13.1.0-r1
13.1.1-r0
13.2.0-r0
13.3.1-r0
13.3.2-r0
13.3.2-r1
13.4.0-r0
13.5.0-r0
13.6.0-r0
13.6.0-r1
13.7.0-r0
13.7.2-r0
13.7.2-r1
13.9.1-r0
13.11.1-r0

14.*

14.0.2-r0
14.1.0-r0
14.1.1-r0
14.1.2-r0
14.1.2-r1
14.2.0-r0
14.2.1-r0
14.2.1-r1
14.2.1-r2
14.3.0-r0
14.3.1-r0
14.4.0-r0
14.4.0-r1
14.4.0-r2
14.4.1-r0
14.5.0-r0
14.6.0-r0
14.6.0-r1
14.6.1-r0
14.6.2-r0

15.*

15.1.0-r0
15.1.1-r0
15.1.1-r1
15.1.2-r0
15.1.3-r0
15.1.4-r0
15.1.5-r0
15.1.5-r1
15.2.0-r0
15.2.2-r0
15.3.0-r0
15.3.0-r1
15.3.0-r2
15.5.0-r0
15.5.0-r1
15.6.0-r0
15.6.1-r0
15.6.1-r1
15.7.1-r0

16.*

16.3.0-r0
16.4.1-r0
16.5.1-r0
16.6.2-r0
16.7.0-r0
16.11.0-r0
16.12.0-r0
16.12.0-r1

17.*

17.7.0-r0

18.*

18.0.0-r0
18.0.0-r1
18.0.0-r2
18.1.0-r0
18.1.1-r0
18.2.1-r0
18.2.1-r1
18.2.2-r0
18.2.2-r1
18.2.2-r2
18.2.2-r3
18.2.2-r4
18.2.2-r5

Git / github.com/asterisk/asterisk

Affected ranges

Type
GIT
Repo
https://github.com/asterisk/asterisk
Events