{"id":"CVE-2022-26651","details":"An issue was discovered in Asterisk through 19.x and Certified Asterisk through 16.8-cert13. The func_odbc module provides possibly inadequate escaping functionality for backslash characters in SQL queries, resulting in user-provided data creating a broken SQL query or possibly a SQL injection. This is fixed in 16.25.2, 18.11.2, and 19.3.2, and 16.8-cert14.","modified":"2026-04-10T04:46:17.870360Z","published":"2022-04-15T05:15:06.683Z","references":[{"type":"ADVISORY","url":"http://packetstormsecurity.com/files/166746/Asterisk-Project-Security-Advisory-AST-2022-003.html"},{"type":"ADVISORY","url":"https://downloads.asterisk.org/pub/security/"},{"type":"ADVISORY","url":"https://downloads.asterisk.org/pub/security/AST-2022-003.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"},{"type":"ADVISORY","url":"https://www.debian.org/security/2022/dsa-5285"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/asterisk/asterisk","events":[{"introduced":"a65908f83e2f17a3aca7eb39c8e06045aca02674"},{"fixed":"8898781851e446bd6eebb74592d8005e0511f1e1"},{"introduced":"2c1bba3cbec008c8ce35c78a2c79f9f207ea58bc"},{"fixed":"3e57d107467db7b5e4b64db75edf09641881c9fd"},{"introduced":"de4f63b4824c91a0cd9f3d95f3b7923bec71960c"},{"fixed":"91be429a41b9a9090e7e2b7b1efc9bea61571292"},{"introduced":"0"},{"last_affected":"d436f568583184a13aa46349af5a3f0907087b44"},{"introduced":"0"},{"last_affected":"476bbcf3a3a8439c469ab31677cc87bbfd2fb214"},{"introduced":"0"},{"last_affected":"7b8157645f8c5f8599f160cd3374d2763564b55f"},{"introduced":"0"},{"last_affected":"d1bb76a27d2b8b4e4d32e77e8090997400f1d46d"},{"introduced":"0"},{"last_affected":"3d317239d5e94f07d387b31c46a6733cbc43e5ef"},{"introduced":"0"},{"last_affected":"0a99c29ae8ac0f60f6fca20014eab47d0a69bf99"},{"introduced":"0"},{"last_affected":"144e3bddb98e13eb298de4e16977b5c998842eb0"},{"introduced":"0"},{"last_affected":"3ba3d8eb07c69a5b898166e0c260fa2f79b7e461"},{"introduced":"0"},{"last_affected":"70ab513553663635cd12a6aa1e64036e68ab0822"},{"introduced":"0"},{"last_affected":"bbaf9042cff308827c91e8235179b7ba27b48a33"},{"introduced":"0"},{"last_affected":"4d7a90d4e2c408af10dce738d6fc5ca491fcc83e"},{"introduced":"0"},{"last_affected":"21635f1e4075f13c8aabc6d9abdf183df416156b"},{"introduced":"0"},{"last_affected":"aabb04054a92d531c2ed82832e6d155a297253d1"},{"introduced":"0"},{"last_affected":"017416381fdcb5d222de2c2f39b17672506b061b"},{"introduced":"0"},{"last_affected":"cb9f1759fb996c99d5391135dd97db6f1e2d3387"},{"introduced":"0"},{"last_affected":"f777a0d87982e4f780099257e8157ec5341fb488"},{"introduced":"0"},{"last_affected":"10b274d1aba4fc2cf2a8cabcb66eb2a049e2250f"},{"introduced":"0"},{"last_affected":"5d0a019e13acc265b7805cb40f636a2680f927c1"},{"introduced":"0"},{"last_affected":"9e8def6e8b451ac6bca54ec2fd119e35ec84af62"},{"introduced":"0"},{"last_affected":"c3b6b056c44f920bad94d1dadda9a4bf579dd5e5"},{"introduced":"0"},{"last_affected":"91b991f2427bf1f4deb82985b051fc93ee408fda"},{"introduced":"0"},{"last_affected":"847f753c4eda5891c4fe77dd7d0341381cb84975"},{"introduced":"0"},{"last_affected":"affbc6907eb544bc6e049085de91002ca24ff930"}],"database_specific":{"versions":[{"introduced":"16.0.0"},{"fixed":"16.25.2"},{"introduced":"18.0"},{"fixed":"18.11.2"},{"introduced":"19.0.0"},{"fixed":"19.3.2"},{"introduced":"0"},{"last_affected":"16.8-NA"},{"introduced":"0"},{"last_affected":"16.8-cert1\\-rc1"},{"introduced":"0"},{"last_affected":"16.8-cert1\\-rc2"},{"introduced":"0"},{"last_affected":"16.8-cert1\\-rc3"},{"introduced":"0"},{"last_affected":"16.8-cert1\\-rc4"},{"introduced":"0"},{"last_affected":"16.8-cert10"},{"introduced":"0"},{"last_affected":"16.8-cert11"},{"introduced":"0"},{"last_affected":"16.8-cert12"},{"introduced":"0"},{"last_affected":"16.8-cert13"},{"introduced":"0"},{"last_affected":"16.8-cert2"},{"introduced":"0"},{"last_affected":"16.8-cert3"},{"introduced":"0"},{"last_affected":"16.8-cert4"},{"introduced":"0"},{"last_affected":"16.8-cert4\\-rc1"},{"introduced":"0"},{"last_affected":"16.8-cert4\\-rc2"},{"introduced":"0"},{"last_affected":"16.8-cert4\\-rc3"},{"introduced":"0"},{"last_affected":"16.8-cert4\\-rc4"},{"introduced":"0"},{"last_affected":"16.8-cert5"},{"introduced":"0"},{"last_affected":"16.8-cert6"},{"introduced":"0"},{"last_affected":"16.8-cert7"},{"introduced":"0"},{"last_affected":"16.8-cert8"},{"introduced":"0"},{"last_affected":"16.8-cert9"},{"introduced":"0"},{"last_affected":"10.0"},{"introduced":"0"},{"last_affected":"11.0"}]}}],"versions":["10.0.0","10.0.0-rc1","10.0.0-rc2","10.0.0-rc3","11.0.0","11.0.0-rc1","11.0.0-rc2","16.25.0","16.25.0-rc1","16.25.1","16.8.0","16.8.0-rc1","16.8.0-rc2","18.11.0","18.11.0-rc1","18.11.1","19.3.0","19.3.0-rc1","19.3.1","certified/16.8-cert1","certified/16.8-cert1-rc1","certified/16.8-cert1-rc2","certified/16.8-cert1-rc3","certified/16.8-cert1-rc4","certified/16.8-cert1-rc5","certified/16.8-cert10","certified/16.8-cert11","certified/16.8-cert12","certified/16.8-cert13","certified/16.8-cert2","certified/16.8-cert3","certified/16.8-cert4","certified/16.8-cert4-rc1","certified/16.8-cert4-rc2","certified/16.8-cert4-rc3","certified/16.8-cert4-rc4","certified/16.8-cert5","certified/16.8-cert6","certified/16.8-cert7","certified/16.8-cert8","certified/16.8-cert9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-26651.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}