Total vulnerabilities in the database
An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The func_odbc module provides possibly inadequate escaping functionality for backslash characters in SQL queries, resulting in user-provided data creating a broken SQL query or possibly a SQL injection. This is fixed in 16.25.2, 18.11.2, and 19.3.2, and 16.8-cert14.
| Software | From | Fixed in |
|---|---|---|
| digium / certified_asterisk | 16.8-cert1-rc1 | 16.8-cert1-rc1.x |
| digium / certified_asterisk | 16.8-cert1-rc2 | 16.8-cert1-rc2.x |
| digium / certified_asterisk | 16.8-cert1-rc3 | 16.8-cert1-rc3.x |
| digium / certified_asterisk | 16.8-cert1-rc4 | 16.8-cert1-rc4.x |
| digium / certified_asterisk | 16.8-cert2 | 16.8-cert2.x |
| digium / certified_asterisk | 16.8-cert3 | 16.8-cert3.x |
| digium / certified_asterisk | 16.8-cert4 | 16.8-cert4.x |
| digium / certified_asterisk | 16.8-cert4-rc1 | 16.8-cert4-rc1.x |
| digium / certified_asterisk | 16.8-cert4-rc2 | 16.8-cert4-rc2.x |
| digium / certified_asterisk | 16.8-cert4-rc3 | 16.8-cert4-rc3.x |
| digium / certified_asterisk | 16.8-cert4-rc4 | 16.8-cert4-rc4.x |
| digium / certified_asterisk | 16.8 | 16.8.x |
| digium / certified_asterisk | 16.8-cert5 | 16.8-cert5.x |
| digium / certified_asterisk | 16.8-cert7 | 16.8-cert7.x |
| digium / certified_asterisk | 16.8-cert8 | 16.8-cert8.x |
| digium / certified_asterisk | 16.8-cert9 | 16.8-cert9.x |
| digium / certified_asterisk | 16.8-cert6 | 16.8-cert6.x |
| digium / asterisk | 18.0 | 18.11.2 |
| digium / certified_asterisk | 16.8-cert10 | 16.8-cert10.x |
| digium / certified_asterisk | 16.8-cert11 | 16.8-cert11.x |
| digium / certified_asterisk | 16.8-cert12 | 16.8-cert12.x |
| digium / certified_asterisk | 16.8-cert13 | 16.8-cert13.x |
| digium / asterisk | 19.0.0 | 19.3.2 |
| digium / asterisk | 16.0.0 | 16.25.2 |
| debian / debian_linux | 10.0 | 10.0.x |
| debian / debian_linux | 11.0 | 11.0.x |