FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Asterisk -- multiple vulnerabilities

Affected packages
16.15.0 < asterisk16 < 16.25.2
asterisk18 < 18.11.2

Details

VuXML ID 8838abf0-bc47-11ec-b516-0897988a1c07
Discovery 2022-04-14
Entry 2022-04-14

The Asterisk project reports:

AST-2022-001 - When using STIR/SHAKEN, it's possible to download files that are not certificates. These files could be much larger than what you would expect to download.

AST-2022-002 - When using STIR/SHAKEN, it's possible to send arbitrary requests like GET to interfaces such as localhost using the Identity header.

References

CVE Name CVE-2022-26498
CVE Name CVE-2022-26499
URL https://downloads.asterisk.org/pub/security/AST-2022-001.html
URL https://downloads.asterisk.org/pub/security/AST-2022-002.html