CNNVD-202602-901 Information

CNNVD ID

CNNVD-202602-901

CVE-2026-23740

  • CNNVD Published: 2026-02-06

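Description (translated from Chinese)

Asterisk is an open-source PBX software package from Asterisk that runs on Linux and supports IP calls over the SIP, IAX and H323 protocols. Asterisk versions before 20.7-cert9, before 20.18.2, before 21.12.1, before 22.8.2 and before 23.2.2 contain a security vulnerability: ast_coredumper writes files to a world-writable directory, which may lead to arbitrary command execution or arbitrary file overwrite.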

Description (English)

Asterisk is open-source PBX software that runs on Linux and supports IP calls using the SIP, IAX and H323 protocols. Asterisk versions prior to 20.7-cert9, 20.18.2, 21.12.1, 22.8.2 and 23.2.2 contain a security vulnerability that stems from ast_coredumper writing files to a world-writable directory, which may lead to the execution of arbitrary commands or the overwriting of arbitrary files.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Asterisk

Published

2026-02-06

Last Modified

2026-02-24

References

https://github.com/asterisk/asterisk/security/advisories/GHSA-xpc6-x892-v83c

https://access.redhat.com/security/cve/cve-2026-23740

Patch

https://github.com/asterisk/asterisk/releases
