{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-04T23:13:32.390","vulnerabilities":[{"cve":{"id":"CVE-2026-23740","sourceIdentifier":"security-advisories@github.com","published":"2026-02-06T17:16:26.290","lastModified":"2026-02-10T18:25:39.730","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, when ast_coredumper writes its gdb init and output files to a directory that is world-writable (for example /tmp), an attacker with write permission(which is all users on a linux system) to that directory can cause root to execute arbitrary commands or overwrite arbitrary files by controlling the gdb init file and output paths. This issue has been patched in versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2."},{"lang":"es","value":"Asterisk es una centralita privada y un kit de herramientas de telefonía de código abierto. Antes de las versiones 20.7-cert9, 20.18.2, 21.12.1, 22.8.2 y 23.2.2, cuando ast_coredumper escribe sus archivos de inicialización y salida de gdb en un directorio con permisos de escritura para todos (por ejemplo, /tmp), un atacante con permiso de escritura (que es para todos los usuarios en un sistema Linux) en ese directorio puede hacer que root ejecute comandos arbitrarios o sobrescriba archivos arbitrarios controlando las rutas del archivo de inicialización de gdb y de los archivos de salida. Este problema ha sido parcheado en las versiones 20.7-cert9, 20.18.2, 21.12.1, 22.8.2 y 23.2.2."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N","baseScore":0.0,"baseSeverity":"NONE","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":0.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-427"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:13.13.0:-:*:*:*:*:*:*","matchCriteriaId":"20E281EB-9D1B-4F5F-A6B7-3A36B8BC0065"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1:*:*:*:*:*:*","matchCriteriaId":"C1117AA4-CE6B-479B-9995-A9F71C430663"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc1:*:*:*:*:*:*","matchCriteriaId":"775041BD-5C86-42B6-8B34-E1D5171B3D87"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc2:*:*:*:*:*:*","matchCriteriaId":"55EC2877-2FF5-4777-B118-E764A94BCE56"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc3:*:*:*:*:*:*","matchCriteriaId":"EB0392C9-A5E9-4D71-8B8D-63FB96E055A5"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert1-rc4:*:*:*:*:*:*","matchCriteriaId":"09AF962D-D4BB-40BA-B435-A59E4402931C"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert2:*:*:*:*:*:*","matchCriteriaId":"559D1063-7F37-44F8-B5C6-94758B675FDF"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:13.13.0:cert3:*:*:*:*:*:*","matchCriteriaId":"185B2B4B-B246-4379-906B-9BDA7CDD4400"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc1:*:*:*:*:*:*","matchCriteriaId":"73D3592D-3CE5-4462-9FE8-4BCB54E74B5B"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:13.13.0:rc2:*:*:*:*:*:*","matchCriteriaId":"B3CCE9E0-5DC4-43A2-96DB-9ABEA60EC157"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:16.8:cert1-rc1:*:*:*:*:*:*","matchCriteriaId":"1CD72D9A-E83D-401F-AB57-F149EDF3100F"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:16.8:cert1-rc2:*:*:*:*:*:*","matchCriteriaId":"28FFE601-860E-4507-9053-BC2CC0E368A4"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:16.8:cert1-rc3:*:*:*:*:*:*","matchCriteriaId":"BC842354-1A42-4C36-A7C3-02DAD6E90876"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:16.8:cert1-rc4:*:*:*:*:*:*","matchCriteriaId":"6F59212A-DFCA-454F-A705-DC137627F7D5"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:16.8:cert1-rc5:*:*:*:*:*:*","matchCriteriaId":"8EC6EF5A-A3CD-400F-B6A9-728E257A2DF9"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:16.8:cert10:*:*:*:*:*:*","matchCriteriaId":"42633641-4DFA-4F33-96B5-0D7D101F1A18"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:16.8:cert11:*:*:*:*:*:*","matchCriteriaId":"CCDC8235-FE4A-42A3-B3BE-E1B7F65501BC"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:16.8:cert12:*:*:*:*:*:*","matchCriteriaId":"9505512D-485C-4A0A-91A1-2DEFF1A81023"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:16.8:cert13:*:*:*:*:*:*","matchCriteriaId":"207B4B99-21CC-4535-9689-993493C76295"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:16.8:cert14:*:*:*:*:*:*","matchCriteriaId":"4F5CC3FB-7B37-4EB6-93CE-EE868831542F"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:16.8:cert4-rc1:*:*:*:*:*:*","matchCriteriaId":"2E0C1577-29A7-4C84-8E5C-6EAF9E9E1954"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:16.8:cert4-rc2:*:*:*:*:*:*","matchCriteriaId":"2E466728-57CF-457B-B25D-20C92C944980"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:16.8:cert4-rc3:*:*:*:*:*:*","matchCriteriaId":"07E14A73-7BA2-4E46-860E-F02E5C1514D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:16.8:cert4-rc4:*:*:*:*:*:*","matchCriteriaId":"05CB55B9-DBC9-4BE3-A293-AF624B05F90C"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:16.8.0:-:*:*:*:*:*:*","matchCriteriaId":"1EAD713A-CBA2-40C3-9DE3-5366827F18C7"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert1:*:*:*:*:*:*","matchCriteriaId":"A5F5A8B7-29C9-403C-9561-7B3E96F9FCA8"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert10:*:*:*:*:*:*","matchCriteriaId":"F9B96A53-2263-463C-9CCA-0F29865FE500"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert11:*:*:*:*:*:*","matchCriteriaId":"A53049F1-8551-453E-834A-68826A7AA959"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert12:*:*:*:*:*:*","matchCriteriaId":"B224A4E9-4B6B-4187-B0D6-E4BAE2637960"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert2:*:*:*:*:*:*","matchCriteriaId":"9501DBFF-516D-4F26-BBF6-1B453EE2A630"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert3:*:*:*:*:*:*","matchCriteriaId":"9D3E9AC0-C0B4-4E87-8D48-2B688D28B678"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert4:*:*:*:*:*:*","matchCriteriaId":"1A8628F6-F8D1-4C0C-BD89-8E2EEF19A5F9"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert5:*:*:*:*:*:*","matchCriteriaId":"E27A6FD1-9321-4C9E-B32B-D6330CD3DC92"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert6:*:*:*:*:*:*","matchCriteriaId":"B6BF5EDB-9D17-453D-A22E-FDDC4DCDD85B"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert7:*:*:*:*:*:*","matchCriteriaId":"4C75A21E-5D05-434B-93DE-8DAC4DD3E587"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert8:*:*:*:*:*:*","matchCriteriaId":"1D725758-C9F5-4DB2-8C45-CC052518D3FD"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:16.8.0:cert9:*:*:*:*:*:*","matchCriteriaId":"B5E2AECC-B681-4EA5-9DE5-2086BB37A5F4"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:18.9:-:*:*:*:*:*:*","matchCriteriaId":"2A7FA28D-33B7-4F20-8235-E66C21019875"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert1:*:*:*:*:*:*","matchCriteriaId":"79EEB5E5-B79E-454B-8DCD-3272BA337A9E"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert1-rc1:*:*:*:*:*:*","matchCriteriaId":"AD3BBA39-95EC-462F-8F5A-15E8D07CC804"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert10:*:*:*:*:*:*","matchCriteriaId":"D6BF553C-020D-4F99-9995-CA4A4383B2DD"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert11:*:*:*:*:*:*","matchCriteriaId":"E3069F1F-DDE8-4E9A-B4FF-64B7B11EEFCB"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert12:*:*:*:*:*:*","matchCriteriaId":"890205E3-973D-422E-940A-E9190BA37EFD"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert13:*:*:*:*:*:*","matchCriteriaId":"23100176-0528-448D-B2FA-D3B9B31A249D"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert14:*:*:*:*:*:*","matchCriteriaId":"346B29FD-48B4-4121-89FD-45325865E54B"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert15:*:*:*:*:*:*","matchCriteriaId":"49798C73-CCC4-4013-8A01-348D6B3D9C5B"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert16:*:*:*:*:*:*","matchCriteriaId":"E5019880-BE93-4592-B3E0-C69FA2C47B6F"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert2:*:*:*:*:*:*","matchCriteriaId":"892BAE5D-A64E-4FE0-9A99-8C07F342A042"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert3:*:*:*:*:*:*","matchCriteriaId":"1A716A45-7075-4CA6-9EF5-2DD088248A5C"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert4:*:*:*:*:*:*","matchCriteriaId":"80EFA05B-E22D-49CE-BDD6-5C7123F1C12B"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert5:*:*:*:*:*:*","matchCriteriaId":"20FD475F-2B46-47C9-B535-1561E29CB7A1"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert6:*:*:*:*:*:*","matchCriteriaId":"7238FCD9-9F40-44BA-A170-69D4857AA1CE"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert7:*:*:*:*:*:*","matchCriteriaId":"F657B046-6C83-48F9-A0B1-C63CDA7FD61D"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert8:*:*:*:*:*:*","matchCriteriaId":"6D87C7DE-23EA-4532-A2E4-9BF82ADE12DC"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert8-rc1:*:*:*:*:*:*","matchCriteriaId":"B79A5B46-5CA3-445E-BE47-1711DCD038A1"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert8-rc2:*:*:*:*:*:*","matchCriteriaId":"D600B37E-94EA-48DE-B48E-871B3A983721"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert9:*:*:*:*:*:*","matchCriteriaId":"2FC3A00E-D1C6-467F-8FE7-E8437A527B3C"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:20.7:cert1:*:*:*:*:*:*","matchCriteriaId":"79225576-AF7C-4099-9624-C53578A7417F"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:20.7:cert1-rc1:*:*:*:*:*:*","matchCriteriaId":"29323E6E-12C9-46C7-B29C-25E0CD537A8E"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:20.7:cert1-rc2:*:*:*:*:*:*","matchCriteriaId":"8E563972-78C0-40A0-83EA-6A3BA3D71946"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:20.7:cert2:*:*:*:*:*:*","matchCriteriaId":"64209621-D458-432A-B0E3-C8D0B6698574"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:20.7:cert3:*:*:*:*:*:*","matchCriteriaId":"B148158A-8354-41C2-A44C-2C0DAABAD217"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:20.7:cert4:*:*:*:*:*:*","matchCriteriaId":"3D4D96E8-1F01-42B8-9181-67DEB12D9DD2"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:20.7:cert5:*:*:*:*:*:*","matchCriteriaId":"50D1B02A-F5F9-48EB-A396-412821F5D602"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:20.7:cert6:*:*:*:*:*:*","matchCriteriaId":"4CBB2891-448F-4C4E-8A47-2283A8F71FE6"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:20.7:cert7:*:*:*:*:*:*","matchCriteriaId":"A9AF30E9-FC50-4A5C-BC99-9B3394488B9D"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*","versionEndExcluding":"20.18.2","matchCriteriaId":"46AC3571-DD52-4F3C-98D2-3BB915498D41"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*","versionStartIncluding":"21.0.0","versionEndExcluding":"21.12.1","matchCriteriaId":"B9CB7760-849C-42CB-BF9A-A3DB40F19447"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*","versionStartIncluding":"22.0.0","versionEndExcluding":"22.8.2","matchCriteriaId":"03AEEF8D-B546-4587-A236-63E2C41582FF"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*","versionStartIncluding":"23.0.0","versionEndExcluding":"23.2.2","matchCriteriaId":"B036D768-9ADA-4965-A596-BEF60749C3CD"}]}]}],"references":[{"url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-xpc6-x892-v83c","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}