First published: Fri Jan 29 2021
An issue was discovered in res_pjsip_diversion.c in Sangoma Asterisk before 13.38.0, 14.x through 16.x before 16.15.0, 17.x before 17.9.0, and 18.x before 18.1.0. A crash can occur when a SIP message is received with a History-Info header that contains a tel-uri, or when a SIP 181 response is received that contains a tel-uri in the Diversion header.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Digium Asterisk | <13.38.0 | |
Digium Asterisk | >=14.0 <16.15.0 | |
Digium Asterisk | >=17.0 <17.9.0 | |
Digium Asterisk | >=18.0 <18.1.0 | |
The vulnerability ID is CVE-2020-35652.
The severity of CVE-2020-35652 is medium (6.5).
The affected software is Digium Asterisk versions before 13.38.0, 14.x through 16.x before 16.15.0, 17.x before 17.9.0, and 18.x before 18.1.0.
CVE-2020-35652 is a vulnerability in res_pjsip_diversion.c in Sangoma Asterisk that can cause a crash when a SIP message with a History-Info header containing a tel-uri is received, or when a SIP 181 response is received that contains a tel-uri in the Diversion header.
To fix CVE-2020-35652, it is recommended to upgrade to Sangoma Asterisk version 13.38.0, 16.15.0, 17.9.0, or 18.1.0 or later.