First published: Thu Feb 18 2021
A buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk versions 13.38.1, 16.15.1, 17.9.1, and 18.1.1 allows a remote attacker to crash Asterisk by deliberately misusing SIP 181 responses.
Credit: cve@mitre.org

Affected Software | Affected Version | How to fix |
---|---|---|
Digium Asterisk | >=13.0.0 <=13.38.1 | |
Digium Asterisk | >=16.0.0 <=16.15.1 | |
Digium Asterisk | >=17.0.0 <=17.9.1 | |
Digium Asterisk | >=18.0 <=18.1.1 | |

http://packetstormsecurity.com/files/161470/Asterisk-Project-Security-Advisory-AST-2021-001.html
CVE-2020-35776 is a buffer overflow vulnerability in Sangoma Asterisk versions 13.38.1, 16.15.1, 17.9.1, and 18.1.1 that allows a remote attacker to crash Asterisk by misusing SIP 181 responses.
CVE-2020-35776 affects Digium Asterisk versions 13.38.1, 16.15.1, 17.9.1, and 18.1.1.
CVE-2020-35776 has a severity rating of 6.5 (Medium).
An attacker can exploit CVE-2020-35776 by deliberately misusing SIP 181 responses to cause a buffer overflow and crash Asterisk.
Yes, you can find fixes for CVE-2020-35776 in the security advisory AST-2021-001 provided by the Asterisk Project.