Asterisk Project Security Advisory - AST-2022-003

Discussion in 'News Aggregator' started by Packet Storm, 16 Apr 2022.

  1. Packet Storm

    Packet Storm Guest

    Asterisk suffers from a possible remote SQL injection vulnerability. Some databases can use backslashes to escape certain characters, such as backticks. If input is provided to func_odbc which includes backslashes it is possible for func_odbc to construct a broken SQL query and the SQL query to fail. Asterisk Open Source versions 16.x up to but not including 16.25.2, 18.x up to but not including 18.11.2, and 19.x up to but not including 19.3.2 are affected. Certified Asterisk versions 16.x up to but not including 16.8-cert14 are affected.
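The failure described in the advisory summary above, as an added C example that is not part of the original post and is not Asterisk's code: quote-doubling alone leaves a string literal open when the backend treats a backslash as an escape character, while doubling backslashes as well keeps it closed. The helpers `sql_escape`, `literals_balanced` and `build_query`, and the table and column names, are hypothetical.

```c
#include <stdio.h>

/* Double single quotes; with esc_backslash also double backslashes. -1 if out is too small. */
static int sql_escape(const char *in, char *out, size_t outsz, int esc_backslash)
{
    size_t o = 0;
    for (; *in; in++) {
        int dbl = (*in == '\'') || (esc_backslash && *in == '\\');
        if (o + (dbl ? 2 : 1) >= outsz)
            return -1;
        if (dbl) out[o++] = *in;
        out[o++] = *in;
    }
    out[o] = '\0';
    return 0;
}

/* Lex sql as a backend that honours backslash escapes; 1 if every '...' literal is closed. */
static int literals_balanced(const char *sql)
{
    int in_str = 0;
    for (; *sql; sql++) {
        if (!in_str)
            in_str = (*sql == '\'');
        else if ((*sql == '\\' && sql[1]) || (*sql == '\'' && sql[1] == '\''))
            sql++;                      /* escaped char or doubled quote stays inside */
        else if (*sql == '\'')
            in_str = 0;
    }
    return !in_str;
}

/* Hypothetical query template; table and column names are made up for this example. */
static int build_query(const char *value, int esc_backslash, char *out, size_t outsz)
{
    char esc[256];
    if (sql_escape(value, esc, sizeof esc, esc_backslash) != 0) return -1;
    int n = snprintf(out, outsz, "SELECT name FROM users WHERE ext = '%s'", esc);
    return (n < 0 || (size_t)n >= outsz) ? -1 : 0;
}

int main(void)
{
    char q[512];
    for (int fix = 0; fix <= 1; fix++)  /* constructed input ending in one backslash */
        if (build_query("1001\\", fix, q, sizeof q) == 0)
            printf("%s  -> literals closed: %d\n", q, literals_balanced(q));
    return 0;
}
```

Where the ODBC driver supports bound parameters, using them removes the dependence on backend-specific escaping rules.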
