CVE-2020-35776 — Classic Buffer Overflow in Asterisk

CWE-120 — Classic Buffer Overflow4 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 75.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Digium Asterisk Debian Asterisk

Timeline

PublishedFeb 18

Latest updateMay 24

Description

A buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk versions 13.38.1, 16.15.1, 17.9.1, and 18.1.1 allows remote attacker to crash Asterisk by deliberately misusing SIP 181 responses.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/asterisk< asterisk 1:16.16.1~dfsg-1 (bullseye)

▶Debiandigium/asterisk< 1:16.16.1~dfsg-1

▶NVDdigium/asterisk13.0.0 — 13.38.1+3

Patches

Patch: packetstormsecurity.com ↗Patch: issues.asterisk.org ↗Patch: packetstormsecurity.com ↗

🔴Vulnerability Details

GHSA

GHSA-4ch3-ggx2-34pj: A buffer overflow in res_pjsip_diversion↗2022-05-24

▶

OSV

CVE-2020-35776: A buffer overflow in res_pjsip_diversion↗2021-02-18

▶

📋Vendor Advisories

Debian

CVE-2020-35776: asterisk - A buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk versions 13.38.1,...↗2020

▶