CVE-2020-35652
Published 2021-01-29
Priority: P433, medium, 6.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS: 1.91% (77.2th percentile)
An issue was discovered in res_pjsip_diversion.c in Sangoma Asterisk before 13.38.0, 14.x through 16.x before 16.15.0, 17.x before 17.9.0, and 18.x before 18.1.0. A crash can occur when a SIP message is received with a History-Info header that contains a tel-uri, or when a SIP 181 response is received that contains a tel-uri in the Diversion header.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | asterisk | < asterisk 1:16.15.1~dfsg-1 (bullseye) | asterisk 1:16.15.1~dfsg-1 (bullseye) |
| digium | asterisk | < 13.38.0 | 13.38.0 |
| digium | asterisk | >= 0 < 1:16.15.1~dfsg-1 | 1:16.15.1~dfsg-1 |
| digium | asterisk | >= 14.0 < 16.15.0 | 16.15.0 |
| digium | asterisk | >= 17.0 < 17.9.0 | 17.9.0 |
| digium | asterisk | >= 18.0 < 18.1.0 | 18.1.0 |
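CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:P |
| osv | | 6.5 | MEDIUM | |
| vendor_debian | | 6.5 | MEDIUM | |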
Debian
CVE-2020-35652: asterisk - An issue was discovered in res_pjsip_diversion.c in Sangoma Asterisk before 13.3...
vendor_debian · 2020 · CVSS 6.5
Scope: local
bullseye: resolved (fixed in 1:16.15.1~dfsg-1)
sid: resolved (fixed in 1:16.15.1~dfsg-1)
GHSA
GHSA-5jwx-hvg3-jjjv: An issue was discovered in res_pjsip_diversion
ghsa_unreviewed · 2022-05-24
OSV
CVE-2020-35652: An issue was discovered in res_pjsip_diversion
osv · 2021-01-29 · CVSS 6.5
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://downloads.asterisk.org/pub/security/AST-2020-003.html
https://downloads.asterisk.org/pub/security/AST-2020-004.html
https://issues.asterisk.org/jira/browse/ASTERISK-29191
https://issues.asterisk.org/jira/browse/ASTERISK-29219
Published: 2021-01-29