FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Asterisk -- func_odbc: Possible SQL Injection

Affected packages
asterisk16 < 16.25.2
asterisk18 < 18.11.2

Details

VuXML ID a5de43ed-bc49-11ec-b516-0897988a1c07
Discovery 2022-04-14
Entry 2022-04-14

The Asterisk project reports:

Some databases can use backslashes to escape certain characters, such as backticks. If input is provided to func_odbc which includes backslashes it is possible for func_odbc to construct a broken SQL query and the SQL query to fail.

References

CVE Name CVE-2022-26651
URL https://downloads.asterisk.org/pub/security/AST-2022-003.html