Nixpkgs security tracker

Login with GitHub

Details of issue NIXPKGS-2026-0152

NIXPKGS-2026-0152

GitHub issue published on

Permalink CVE-2026-23740

0.0 NONE

CVSS version (CVSS): 3.1
Attack Vector (AV): Local (L)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): Required (R)
Scope (S): Changed (C)
Confidentiality (C): None (N)
Integrity (I): None (N)
Availability (A): None (N)
Modified Attack Vector (MAV): Local (L)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): Required (R)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Changed (C)
Modified Integrity (MI): None (N)
Modified Availability (MA): None (N)

updated 3 months, 3 weeks ago by @LeSuisse Activity log

Created suggestion 3 months, 3 weeks ago
@LeSuisse ignored
5 packages
- asterisk-ldap
- asterisk-module-sccp
- python312Packages.asterisk-mbox
- python313Packages.asterisk-mbox
- python314Packages.asterisk-mbox
3 months, 3 weeks ago
@LeSuisse accepted 3 months, 3 weeks ago
@LeSuisse published on GitHub 3 months, 3 weeks ago

Asterisk vulnerable to potential privilege escalation

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, when ast_coredumper writes its gdb init and output files to a directory that is world-writable (for example /tmp), an attacker with write permission(which is all users on a linux system) to that directory can cause root to execute arbitrary commands or overwrite arbitrary files by controlling the gdb init file and output paths. This issue has been patched in versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2.

References

https://github.com/asterisk/asterisk/security/advisories/GHSA-xpc6-x892-v83c x_refsource_CONFIRM

Affected products

asterisk

==< 21.12.1
==< 22.8.2
==< 23.2.2
==< 20.18.2
==< 20.7-cert9

Matching in nixpkgs

pkgs.asterisk_18

Software implementation of a telephone private branch exchange (PBX)

pkgs.asterisk_20

Software implementation of a telephone private branch exchange (PBX)

nixos-unstable 20.18.0
- nixpkgs-unstable 20.18.0
- nixos-unstable-small 20.18.0
nixos-25.11 20.18.0
- nixos-25.11-small 20.18.0
- nixpkgs-25.11-darwin 20.18.0

pkgs.asterisk_22

Software implementation of a telephone private branch exchange (PBX)

nixos-unstable 22.8.0
- nixpkgs-unstable 22.8.0
- nixos-unstable-small 22.8.0
nixos-25.11 22.8.0
- nixos-25.11-small 22.8.0
- nixpkgs-25.11-darwin 22.8.0

pkgs.asterisk_23

Software implementation of a telephone private branch exchange (PBX)

nixos-unstable 23.2.0
- nixpkgs-unstable 23.2.0
- nixos-unstable-small 23.2.0
nixos-25.11 23.2.0
- nixos-25.11-small 23.2.0
- nixpkgs-25.11-darwin 23.2.0

Ignored packages (5)

pkgs.asterisk-ldap

Software implementation of a telephone private branch exchange (PBX)

nixos-unstable 22.8.0
- nixpkgs-unstable 22.8.0
- nixos-unstable-small 22.8.0
nixos-25.11 22.8.0
- nixos-25.11-small 22.8.0
- nixpkgs-25.11-darwin 22.8.0

pkgs.asterisk-module-sccp

Replacement for the SCCP channel driver in Asterisk

pkgs.python312Packages.asterisk-mbox

Client side of a client/server to interact with Asterisk voicemail mailboxes

nixos-25.11 0.5.0
- nixos-25.11-small 0.5.0
- nixpkgs-25.11-darwin 0.5.0

pkgs.python313Packages.asterisk-mbox

Client side of a client/server to interact with Asterisk voicemail mailboxes

nixos-unstable 0.5.0
- nixpkgs-unstable 0.5.0
- nixos-unstable-small 0.5.0
nixos-25.11 0.5.0
- nixos-25.11-small 0.5.0
- nixpkgs-25.11-darwin 0.5.0

pkgs.python314Packages.asterisk-mbox

Client side of a client/server to interact with Asterisk voicemail mailboxes

nixos-unstable 0.5.0
- nixpkgs-unstable 0.5.0
- nixos-unstable-small 0.5.0

Package maintainers

@yorickvP Yorick van Pelt <yorickvanpelt@gmail.com>
@auntieNeo Jonathan Glines <auntieNeo@gmail.com>
@DerTim1 Tim Digel <tim.digel@active-group.de>

Upstream advisory: https://github.com/asterisk/asterisk/security/advisories/GHSA-xpc6-x892-v83c