CVE-2020-35776
Summary
| CVE | CVE-2020-35776 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-02-18 20:15:00 UTC |
| Updated | 2021-02-24 17:43:00 UTC |
| Description | A buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk versions 13.38.1, 16.15.1, 17.9.1, and 18.1.1 allows remote attacker to crash Asterisk by deliberately misusing SIP 181 responses. |
Risk And Classification
Problem Types: CWE-120
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Full Disclosure: AST-2021-001: Remote crash in res_pjsip_diversion | FULLDISC | seclists.org | Mailing List, Third Party Advisory |
| Asterisk.org Issue Tracker | MISC | issues.asterisk.org | Issue Tracking, Vendor Advisory |
| [ASTERISK-29227] res_pjsip_diversion: sending multiple 181 responses causes memory corruption and crash - Digium/Asterisk JIRA | CONFIRM | issues.asterisk.org | Exploit, Issue Tracking, Patch, Vendor Advisory |
| AST-2021-001 | CONFIRM | downloads.asterisk.org | Vendor Advisory |
| Asterisk Project Security Advisory - AST-2021-001 ≈ Packet Storm | MISC | packetstormsecurity.com | Patch, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.