https://packetstormsecurity.com/files/166744/AST-2022-001.txt
https://packetstormsecurity.com/files/166745/AST-2022-002.txt
https://packetstormsecurity.com/files/166746/AST-2022-003.txt

"* AST-2022-001: res_stir_shaken: resource exhaustion with large files
When using STIR/SHAKEN, it's possible to download files that are not certificates. These files could be much larger than what you would expect to download.

* AST-2022-002: res_stir_shaken: SSRF vulnerability with Identity header
When using STIR/SHAKEN, it's possible to send arbitrary requests like GET to interfaces such as localhost using the Identity header.

* AST-2022-003: func_odbc: Possible SQL Injection
Some databases can use backslashes to escape certain characters, such as backticks. If input is provided to func_odbc which includes backslashes it is possible for func_odbc to construct a broken SQL query and the SQL query to fail."

Created asterisk tracking bugs for this issue: Affects: fedora-all [bug 2076245]
Created asterisk tracking bugs for this issue: Affects: epel-all [bug 2076246]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.