cbcvebase.
CVE-2020-35652
published 2021-01-29

CVE-2020-35652: An issue was discovered in res_pjsip_diversion.c in Sangoma Asterisk before 13.38.0, 14.x through 16.x before 16.15.0, 17.x before 17.9.0, and 18.x before…

PriorityP433medium6.5CVSS 3.1
AVNACLPRLUINSUCNINAH
EPSS
1.91%
77.2th percentile
An issue was discovered in res_pjsip_diversion.c in Sangoma Asterisk before 13.38.0, 14.x through 16.x before 16.15.0, 17.x before 17.9.0, and 18.x before 18.1.0. A crash can occur when a SIP message is received with a History-Info header that contains a tel-uri, or when a SIP 181 response is received that contains a tel-uri in the Diversion header.

Affected

6 ranges
VendorProductVersion rangeFixed in
debianasterisk< asterisk 1:16.15.1~dfsg-1 (bullseye)asterisk 1:16.15.1~dfsg-1 (bullseye)
digiumasterisk< 13.38.013.38.0
digiumasterisk>= 0 < 1:16.15.1~dfsg-11:16.15.1~dfsg-1
digiumasterisk>= 14.0 < 16.15.016.15.0
digiumasterisk>= 17.0 < 17.9.017.9.0
digiumasterisk>= 18.0 < 18.1.018.1.0

CVSS provenance

nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvdv2.04.0MEDIUMAV:N/AC:L/Au:S/C:N/I:N/A:P
osv6.5MEDIUM
vendor_debian6.5MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.