Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk prior to 18.9-cert6, it is possible to read any arbitrary file even when the `live_dangerously` option is not enabled. This allows arbitrary files to be read. Asterisk versions 18.20.1, 20.5.1, and 21.0.1, as well as certified-asterisk 18.9-cert6, contain a fix for this issue. The signatures below reference a single upstream commit and target `action_getconfig` and `restrictedFile` in `main/manager.c`.
{ "vanir_signatures": [ { "digest": { "function_hash": "109588542733539459536459889459393669665", "length": 1624.0 }, "id": "CVE-2023-49294-36d11e8b", "source": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5", "signature_type": "Function", "signature_version": "v1", "target": { "file": "main/manager.c", "function": "action_getconfig" }, "deprecated": false }, { "digest": { "threshold": 0.9, "line_hashes": [ "319262838586030896207615992167318331197", "73907467505780613093867596869826946028", "190120290691841264546542164833305697156", "188451549638797376020687671964111659251", "306381406943096252306587444901106669830", "281693650920930203770229831242808819948", "264207488659524750949476693331686821786", "67543373166406810932547016329833398560", "97878129604647764779898339292312984812", "83119973620778701708573231143751198547", "53002410202270671464510830582876964165", "287021365016972524448351506910938643808", "5465443576409833929852852108939725436", "127509060636997878303563635197128916444", "293467370214708869510941750821547456454", "144039315961212118021668320333867713421", "230453289490337290751317884418675546183", "208605912000204155817576245907549950226", "326430335594905709020873983644130476101" ] }, "id": "CVE-2023-49294-3d2ea2ff", "source": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5", "signature_type": "Line", "signature_version": "v1", "target": { "file": "main/manager.c" }, "deprecated": false }, { "digest": { "function_hash": "226786881581905709534996596552064063998", "length": 226.0 }, "id": "CVE-2023-49294-df60a6fc", "source": "https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5", "signature_type": "Function", "signature_version": "v1", "target": { "file": "main/manager.c", "function": "restrictedFile" }, "deprecated": false } ] }