CVE-2026-23741

CVE-2026-23741

Name

CVE-2026-23741

Description

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the asterisk/contrib/scripts/ast_coredumper runs as root, as noted by the NOTES tag on line 689 of the ast_coredumper file. The script will source the contents of /etc/asterisk/ast_debug_tools.conf, which resides in a folder that is writeable by the asterisk user:group. Due to the /etc/asterisk/ast_debug_tools.conf file following bash semantics and it being loaded; an attacker with write permissions may add or modify the file such that when the root ast_coredumper is run; it would source and thereby execute arbitrary bash code found in the /etc/asterisk/ast_debug_tools.conf. This issue has been patched in versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
security-advisories@github.com	https://github.com/asterisk/asterisk/security/advisories/GHSA-rvch-3jmx-3jf3

Type

URI

security-advisories@github.com

https://github.com/asterisk/asterisk/security/advisories/GHSA-rvch-3jmx-3jf3

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:sangoma:asterisk::::::::`	asterisk	>= None	< 20.18.2
`cpe:2.3:a:sangoma:asterisk::::::::`	asterisk	>= 21.0.0	< 21.12.1
`cpe:2.3:a:sangoma:asterisk::::::::`	asterisk	>= 22.0.0	< 22.8.2
`cpe:2.3:a:sangoma:asterisk::::::::`	asterisk	>= 23.0.0	< 23.2.2
`cpe:2.3:a:sangoma:certified_asterisk::::::::`	certified_asterisk	>= None	<= 18.9
`cpe:2.3:a:sangoma:certified_asterisk:20.7:cert1::::::`	certified_asterisk	== None	== 20.7

CPE URI

Source package

Min version

Max version

cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*

asterisk

>= None

< 20.18.2

cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*

asterisk

>= 21.0.0

< 21.12.1

cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*

asterisk

>= 22.0.0

< 22.8.2

cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*

asterisk

>= 23.0.0

< 23.2.2

cpe:2.3:a:sangoma:certified_asterisk:*:*:*:*:*:*:*:*

certified_asterisk

>= None

<= 18.9

cpe:2.3:a:sangoma:certified_asterisk:20.7:cert1:*:*:*:*:*:*

certified_asterisk

== None

== 20.7

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
asterisk	edge-main	20.17.0-r0	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	edge-main	20.15.2-r1	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	edge-main	20.15.2-r0	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	edge-main	20.11.1-r6	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	edge-main	20.11.1-r5	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	edge-main	20.11.1-r4	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	edge-main	20.11.1-r3	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	edge-main	20.11.1-r1	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	edge-main	20.11.1-r0	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	edge-main	20.11.0-r1	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	edge-main	20.11.0-r0	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	edge-main	20.9.3-r0	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	edge-main	20.9.2-r0	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	edge-main	20.8.1-r0	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	edge-main	20.5.1-r0	None	possibly vulnerable
asterisk	edge-main	18.15.1-r0	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	edge-main	18.15.0-r3	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	edge-main	18.15.0-r2	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	edge-main	18.15.0-r0	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	edge-main	18.13.0-r1	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	edge-main	18.13.0-r0	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	edge-main	18.11.2-r0	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	edge-main	18.2.2-r5	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	edge-main	18.2.2-r4	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	edge-main	18.2.2-r3	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	edge-main	18.2.2-r2	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	edge-main	18.2.2-r0	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	edge-main	18.2.1-r0	None	possibly vulnerable
asterisk	edge-main	18.1.1-r0	None	possibly vulnerable
asterisk	edge-main	18.0.1-r0	None	possibly vulnerable
asterisk	edge-main	16.6.2-r0	None	possibly vulnerable
asterisk	edge-main	16.5.1-r0	None	possibly vulnerable
asterisk	edge-main	16.4.1-r0	None	possibly vulnerable
asterisk	edge-main	16.3.0-r0	None	possibly vulnerable
asterisk	edge-main	15.7.1-r0	None	possibly vulnerable
asterisk	3.23-main	20.15.2-r1	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	3.22-main	20.11.1-r6	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	3.22-main	20.11.1-r5	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	3.22-main	20.11.1-r0	None	possibly vulnerable
asterisk	3.22-main	20.9.3-r0	None	possibly vulnerable
asterisk	3.22-main	20.9.2-r0	None	possibly vulnerable
asterisk	3.22-main	20.8.1-r0	None	possibly vulnerable
asterisk	3.22-main	20.5.1-r0	None	possibly vulnerable
asterisk	3.22-main	18.15.1-r0	None	possibly vulnerable
asterisk	3.22-main	18.11.2-r0	None	possibly vulnerable
asterisk	3.22-main	18.2.2-r2	None	possibly vulnerable
asterisk	3.22-main	18.2.1-r0	None	possibly vulnerable
asterisk	3.22-main	18.1.1-r0	None	possibly vulnerable
asterisk	3.22-main	18.0.1-r0	None	possibly vulnerable
asterisk	3.22-main	16.6.2-r0	None	possibly vulnerable
asterisk	3.22-main	16.5.1-r0	None	possibly vulnerable
asterisk	3.22-main	16.4.1-r0	None	possibly vulnerable
asterisk	3.22-main	16.3.0-r0	None	possibly vulnerable
asterisk	3.22-main	15.7.1-r0	None	possibly vulnerable
asterisk	3.21-main	20.11.1-r0	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	3.21-main	20.11.0-r0	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	3.21-main	20.9.3-r0	None	possibly vulnerable
asterisk	3.21-main	20.9.2-r0	None	possibly vulnerable
asterisk	3.21-main	20.8.1-r0	None	possibly vulnerable
asterisk	3.21-main	20.5.1-r0	None	possibly vulnerable
asterisk	3.21-main	18.15.1-r0	None	possibly vulnerable
asterisk	3.21-main	18.11.2-r0	None	possibly vulnerable
asterisk	3.21-main	18.2.2-r2	None	possibly vulnerable
asterisk	3.21-main	18.2.1-r0	None	possibly vulnerable
asterisk	3.21-main	18.1.1-r0	None	possibly vulnerable
asterisk	3.21-main	18.0.1-r0	None	possibly vulnerable
asterisk	3.21-main	16.6.2-r0	None	possibly vulnerable
asterisk	3.21-main	16.5.1-r0	None	possibly vulnerable
asterisk	3.21-main	16.4.1-r0	None	possibly vulnerable
asterisk	3.21-main	16.3.0-r0	None	possibly vulnerable
asterisk	3.21-main	15.7.1-r0	None	possibly vulnerable
asterisk	3.20-main	20.9.3-r1	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	3.20-main	20.9.3-r0	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	3.20-main	20.9.2-r0	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	3.20-main	20.8.1-r0	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	3.20-main	20.5.1-r0	None	possibly vulnerable
asterisk	3.20-main	18.15.1-r0	None	possibly vulnerable
asterisk	3.20-main	18.11.2-r0	None	possibly vulnerable
asterisk	3.20-main	18.2.2-r2	None	possibly vulnerable
asterisk	3.20-main	18.2.1-r0	None	possibly vulnerable
asterisk	3.20-main	18.1.1-r0	None	possibly vulnerable
asterisk	3.20-main	18.0.1-r0	None	possibly vulnerable
asterisk	3.20-main	16.6.2-r0	None	possibly vulnerable
asterisk	3.20-main	16.5.1-r0	None	possibly vulnerable
asterisk	3.20-main	16.4.1-r0	None	possibly vulnerable
asterisk	3.20-main	16.3.0-r0	None	possibly vulnerable
asterisk	3.20-main	15.7.1-r0	None	possibly vulnerable
asterisk	3.19-main	20.9.3-r1	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	3.19-main	20.9.3-r0	Timo Teras <timo.teras@iki.fi>	possibly vulnerable
asterisk	3.19-main	20.5.1-r0	None	possibly vulnerable
asterisk	3.19-main	18.15.1-r0	None	possibly vulnerable
asterisk	3.19-main	18.11.2-r0	None	possibly vulnerable
asterisk	3.19-main	18.2.2-r2	None	possibly vulnerable
asterisk	3.19-main	18.2.1-r0	None	possibly vulnerable
asterisk	3.19-main	18.1.1-r0	None	possibly vulnerable
asterisk	3.19-main	18.0.1-r0	None	possibly vulnerable
asterisk	3.19-main	16.6.2-r0	None	possibly vulnerable
asterisk	3.19-main	16.5.1-r0	None	possibly vulnerable
asterisk	3.19-main	16.4.1-r0	None	possibly vulnerable
asterisk	3.19-main	16.3.0-r0	None	possibly vulnerable
asterisk	3.19-main	15.7.1-r0	None	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

References

Match rules

Vulnerable and fixed packages