CVE-2022-26498

Related Files

Shannon Baseband chatroom SDP Attribute Memory Corruption

Posted May 4, 2023

Authored by Google Security Research, natashenka

Shannon Baseband suffers from a memory corruption vulnerability that occurs when the baseband modem processes SDP when setting up a call. SDP supports an attribute chatroom that allows multiple chat properties to be specified. The baseband software allocates a fixed-size buffer for these types, but does not check that the number of properties specified by the SDP is within this bound. This can lead to memory corruption when processing a chatroom attribute that contains more than 12 format types.

tags | exploit

advisories | CVE-2022-26498

SHA-256 | 8cb6ebadee250d2e79ec5b2160d5e18c8dae53fae64e54aa90dddc180b42ce0d

Download | Favorite | View

Asterisk Project Security Advisory - AST-2022-001

Posted Apr 15, 2022

Authored by Ben Ford | Site asterisk.org

When using STIR/SHAKEN in Asterisk, it is possible to download files that are not certificates. These files could be much larger than what you would expect to download. Asterisk Open Source versions 16.15.0 up to but not including 16.25.2, 18.x up to but not including 18.11.2, and 19.x up to but not including 19.3.2 are affected.

tags | advisory

advisories | CVE-2022-26498

SHA-256 | 1fc78214ca3a80d4d46428ca4fdf01c6fc39ae8d4fd32be3d9c901d7bd98b5b1

Download | Favorite | View