PT-2021-11818 · Asterisk+1 · Asterisk+1
Torrey Searle
+1
·
Published
2021-01-29
·
Updated
2025-02-13
·
CVE-2020-35652
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions:
Asterisk versions prior to 13.38.0
Asterisk versions 14.x through 16.x before 16.15.0
Asterisk versions 17.x before 17.9.0
Asterisk versions 18.x before 18.1.0
Description:
An issue was discovered in res pjsip diversion.c. A crash can occur when a SIP message is received with a "History-Info" header that contains a
tel-uri, or when a SIP 181 response is received that contains a tel-uri in the Diversion header.Recommendations:
For versions prior to 13.38.0, update to version 13.38.0 or later.
For versions 14.x through 16.x before 16.15.0, update to version 16.15.0 or later.
For versions 17.x before 17.9.0, update to version 17.9.0 or later.
For versions 18.x before 18.1.0, update to version 18.1.0 or later.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Alt Linux
Asterisk