PT-2021-11857 · Sangoma+1 · Asterisk+1
Ipoddubny
+1
·
Published
2021-02-18
·
Updated
2025-02-13
·
CVE-2020-35776
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions:
Sangoma Asterisk versions 13.38.1, 16.15.1, 17.9.1, and 18.1.1
Description:
A buffer overflow in the
res pjsip diversion.c file allows a remote attacker to crash Asterisk by deliberately misusing SIP 181 responses.Recommendations:
For versions 13.38.1, 16.15.1, 17.9.1, and 18.1.1, consider updating to a newer version to mitigate the risk.
As a temporary workaround, consider restricting access to the
res pjsip diversion.c module to minimize the risk of exploitation.Exploit
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Asterisk