CVE-2020-35652

Name
CVE-2020-35652
Description
An issue was discovered in res_pjsip_diversion.c in Sangoma Asterisk before 13.38.0, 14.x through 16.x before 16.15.0, 17.x before 17.9.0, and 18.x before 18.1.0. A crash can occur when a SIP message is received with a History-Info header that contains a tel-uri, or when a SIP 181 response is received that contains a tel-uri in the Diversion header.
NVD Severity
medium
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Vendor Advisory https://downloads.asterisk.org/pub/security/AST-2020-003.html
Vendor Advisory https://downloads.asterisk.org/pub/security/AST-2020-004.html
Exploit https://issues.asterisk.org/jira/browse/ASTERISK-29191
Vendor Advisory https://issues.asterisk.org/jira/browse/ASTERISK-29219

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:* asterisk >= None < 13.38.0
cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:* asterisk >= 14.0 < 16.15.0
cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:* asterisk >= 17.0 < 17.9.0
cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:* asterisk >= 18.0 < 18.1.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
asterisk edge-main 18.1.1-r0 None fixed
asterisk edge-main 18.0.1-r0 None possibly vulnerable
asterisk edge-main 16.6.2-r0 None possibly vulnerable
asterisk edge-main 16.5.1-r0 None possibly vulnerable
asterisk edge-main 16.4.1-r0 None possibly vulnerable
asterisk edge-main 16.3.0-r0 None possibly vulnerable
asterisk edge-main 15.7.1-r0 None possibly vulnerable
asterisk 3.22-main 18.1.1-r0 None fixed
asterisk 3.22-main 18.0.1-r0 None possibly vulnerable
asterisk 3.22-main 16.6.2-r0 None possibly vulnerable
asterisk 3.22-main 16.5.1-r0 None possibly vulnerable
asterisk 3.22-main 16.4.1-r0 None possibly vulnerable
asterisk 3.22-main 16.3.0-r0 None possibly vulnerable
asterisk 3.22-main 15.7.1-r0 None possibly vulnerable
asterisk 3.21-main 18.1.1-r0 None fixed
asterisk 3.21-main 18.0.1-r0 None possibly vulnerable
asterisk 3.21-main 16.6.2-r0 None possibly vulnerable
asterisk 3.21-main 16.5.1-r0 None possibly vulnerable
asterisk 3.21-main 16.4.1-r0 None possibly vulnerable
asterisk 3.21-main 16.3.0-r0 None possibly vulnerable
asterisk 3.21-main 15.7.1-r0 None possibly vulnerable
asterisk 3.20-main 18.1.1-r0 None fixed
asterisk 3.20-main 18.0.1-r0 None possibly vulnerable
asterisk 3.20-main 16.6.2-r0 None possibly vulnerable
asterisk 3.20-main 16.5.1-r0 None possibly vulnerable
asterisk 3.20-main 16.4.1-r0 None possibly vulnerable
asterisk 3.20-main 16.3.0-r0 None possibly vulnerable
asterisk 3.20-main 15.7.1-r0 None possibly vulnerable
asterisk 3.19-main 18.1.1-r0 None fixed
asterisk 3.19-main 18.0.1-r0 None possibly vulnerable
asterisk 3.19-main 16.6.2-r0 None possibly vulnerable
asterisk 3.19-main 16.5.1-r0 None possibly vulnerable
asterisk 3.19-main 16.4.1-r0 None possibly vulnerable
asterisk 3.19-main 16.3.0-r0 None possibly vulnerable
asterisk 3.19-main 15.7.1-r0 None possibly vulnerable
asterisk 3.18-main 18.1.1-r0 None fixed
asterisk 3.17-main 18.1.1-r0 None fixed
asterisk 3.12-main 16.15.1-r0 None fixed
asterisk 3.11-main 16.6.2-r1 Timo Teras <timo.teras@iki.fi> possibly vulnerable
asterisk 3.11-main 16.6.2-r0 Timo Teras <timo.teras@iki.fi> possibly vulnerable
asterisk 3.10-main 16.3.0-r3 Timo Teras <timo.teras@iki.fi> possibly vulnerable