CVE-2022-26498

Source
https://cve.org/CVERecord?id=CVE-2022-26498
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-26498.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-26498
Downstream
Published
2022-04-15T05:15:06.597Z
Modified
2026-04-10T04:46:16.421573Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
[none]
Details

An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download files that are not certificates. These files could be much larger than what one would expect to download, leading to Resource Exhaustion. This is fixed in 16.25.2, 18.11.2, and 19.3.2.

References

Affected packages

Git / github.com/asterisk/asterisk

Affected ranges

Type
GIT
Repo
https://github.com/asterisk/asterisk
Events
Introduced
Last affected
Introduced
Fixed
Introduced
Last affected
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "16.15.0"
        },
        {
            "last_affected": "16.25.1"
        },
        {
            "introduced": "18.0"
        },
        {
            "fixed": "18.11.2"
        },
        {
            "introduced": "19.0.0"
        },
        {
            "last_affected": "19.3.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "10.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "11.0"
        }
    ]
}

Affected versions

10.*
10.0.0
10.0.0-rc1
10.0.0-rc2
10.0.0-rc3
11.*
11.0.0
11.0.0-rc1
11.0.0-rc2
16.*
16.25.0
16.25.0-rc1
16.25.1
18.*
18.11.0
18.11.0-rc1
18.11.1
19.*
19.3.0
19.3.0-rc1
19.3.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-26498.json"