Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download files that are not certificates. These files could be much larger than what one would expect to download, leading to Resource Exhaustion. This is fixed in 16.25.2, 18.11.2, and 19.3.2.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Asterisk 资源管理错误漏洞
Vulnerability Description
Asterisk是一款PBX系统的软件,运行在Linux系统上,支持使用SIP、IAX、H323协议进行IP通话。 Asterisk 19.x 版本及之前版本 STIR/SHAKEN 存在资源管理错误漏洞,该漏洞源于可以下载不是证书的文件。这些文件可能比预期下载的要大得多,从而导致资源枯竭。该问题在 16.25.2、18.11.2 和 19.3.2 中已修复。
CVSS Information
N/A
Vulnerability Type
N/A