Bug 2368030 (CVE-2025-47779)
Summary: | CVE-2025-47779 asterisk: Using malformed From header can forge identity with ";" or NULL in name portion | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
Status: | NEW --- | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | Keywords: | Security |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | --- | |
Doc Text: | A flaw was found in Asterisk. An issue in the authentication of SIP requests of type MESSAGE (RFC 3428) allows an authenticated attacker to spoof the identity of any user and send fake chat messages that appear to come from that user. An attacker can leverage this to send spam or malicious messages that seem to originate from a legitimate, and potentially privileged, user account. |
Bug Depends On: | 2395448, 2395449, 2395450 | ||
Bug Blocks: |
Description
OSIDB Bzimport
2025-05-22 17:01:54 UTC