Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-28327

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-06 Nov, 2020 | 18:08
Updated At-04 Aug, 2024 | 16:33
Rejected At-
Credits

A res_pjsip_session crash was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1. and Certified Asterisk before 16.8-cert5. Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced. This caused a gap between the creation of the dialog object, and its next use by the thread that created it. Depending on some off-nominal circumstances and timing, it was possible for another thread to free said dialog in this gap. Asterisk could then crash when the dialog object, or any of its dependent objects, were dereferenced or accessed next by the initial-creation thread. Note, however, that this crash can only occur when using a connection-oriented protocol (e.g., TCP or TLS, but not UDP) for SIP transport. Also, the remote client must be authenticated, or Asterisk must be configured for anonymous calling.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:06 Nov, 2020 | 18:08
Updated At:04 Aug, 2024 | 16:33
Rejected At:
▼CVE Numbering Authority (CNA)

A res_pjsip_session crash was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1. and Certified Asterisk before 16.8-cert5. Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced. This caused a gap between the creation of the dialog object, and its next use by the thread that created it. Depending on some off-nominal circumstances and timing, it was possible for another thread to free said dialog in this gap. Asterisk could then crash when the dialog object, or any of its dependent objects, were dereferenced or accessed next by the initial-creation thread. Note, however, that this crash can only occur when using a connection-oriented protocol (e.g., TCP or TLS, but not UDP) for SIP transport. Also, the remote client must be authenticated, or Asterisk must be configured for anonymous calling.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://downloads.asterisk.org/pub/security/AST-2020-001.html
x_refsource_MISC
https://issues.asterisk.org/jira/browse/ASTERISK-29057
x_refsource_MISC
Hyperlink: http://downloads.asterisk.org/pub/security/AST-2020-001.html
Resource:
x_refsource_MISC
Hyperlink: https://issues.asterisk.org/jira/browse/ASTERISK-29057
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://downloads.asterisk.org/pub/security/AST-2020-001.html
x_refsource_MISC
x_transferred
https://issues.asterisk.org/jira/browse/ASTERISK-29057
x_refsource_MISC
x_transferred
Hyperlink: http://downloads.asterisk.org/pub/security/AST-2020-001.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://issues.asterisk.org/jira/browse/ASTERISK-29057
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:06 Nov, 2020 | 19:15
Updated At:15 Aug, 2024 | 12:44

A res_pjsip_session crash was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1. and Certified Asterisk before 16.8-cert5. Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced. This caused a gap between the creation of the dialog object, and its next use by the thread that created it. Depending on some off-nominal circumstances and timing, it was possible for another thread to free said dialog in this gap. Asterisk could then crash when the dialog object, or any of its dependent objects, were dereferenced or accessed next by the initial-creation thread. Note, however, that this crash can only occur when using a connection-oriented protocol (e.g., TCP or TLS, but not UDP) for SIP transport. Also, the remote client must be authenticated, or Asterisk must be configured for anonymous calling.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.3MEDIUM
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Primary2.02.1LOW
AV:N/AC:H/Au:S/C:N/I:N/A:P
Type: Primary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 2.1
Base severity: LOW
Vector:
AV:N/AC:H/Au:S/C:N/I:N/A:P
CPE Matches
Digium, Inc.
digium
>>certified_asterisk>>16.8
cpe:2.3:a:digium:certified_asterisk:16.8:-:*:*:*:*:*:*
Digium, Inc.
digium
>>certified_asterisk>>16.8
cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc1:*:*:*:*:*:*
Digium, Inc.
digium
>>certified_asterisk>>16.8
cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc2:*:*:*:*:*:*
Digium, Inc.
digium
>>certified_asterisk>>16.8
cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc3:*:*:*:*:*:*
Digium, Inc.
digium
>>certified_asterisk>>16.8
cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc4:*:*:*:*:*:*
Digium, Inc.
digium
>>certified_asterisk>>16.8
cpe:2.3:a:digium:certified_asterisk:16.8:cert2:*:*:*:*:*:*
Digium, Inc.
digium
>>certified_asterisk>>16.8
cpe:2.3:a:digium:certified_asterisk:16.8:cert3:*:*:*:*:*:*
Digium, Inc.
digium
>>certified_asterisk>>16.8
cpe:2.3:a:digium:certified_asterisk:16.8:cert4:*:*:*:*:*:*
Digium, Inc.
digium
>>certified_asterisk>>16.8
cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc1:*:*:*:*:*:*
Digium, Inc.
digium
>>certified_asterisk>>16.8
cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc2:*:*:*:*:*:*
Digium, Inc.
digium
>>certified_asterisk>>16.8
cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc3:*:*:*:*:*:*
Digium, Inc.
digium
>>certified_asterisk>>16.8
cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc4:*:*:*:*:*:*
Sangoma Technologies Corp.
sangoma
>>asterisk>>Versions from 13.0.0(inclusive) to 13.37.1(exclusive)
cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*
Sangoma Technologies Corp.
sangoma
>>asterisk>>Versions from 16.0.0(inclusive) to 16.14.1(exclusive)
cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*
Sangoma Technologies Corp.
sangoma
>>asterisk>>Versions from 17.0.0(inclusive) to 17.8.1(exclusive)
cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*
Sangoma Technologies Corp.
sangoma
>>asterisk>>Versions from 18.0.0(inclusive) to 18.0.1(exclusive)
cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-404Primarynvd@nist.gov
CWE ID: CWE-404
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://downloads.asterisk.org/pub/security/AST-2020-001.htmlcve@mitre.org
Patch
Vendor Advisory
https://issues.asterisk.org/jira/browse/ASTERISK-29057cve@mitre.org
Exploit
Issue Tracking
Vendor Advisory
Hyperlink: http://downloads.asterisk.org/pub/security/AST-2020-001.html
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: https://issues.asterisk.org/jira/browse/ASTERISK-29057
Source: cve@mitre.org
Resource:
Exploit
Issue Tracking
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

4Records found
CVE-2019-13161
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-2.17% / 84.10%
||
7 Day CHG~0.00%
Published-12 Jul, 2019 | 19:24
Updated-04 Aug, 2024 | 23:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x through 15.7.2, and 16.x through 16.4.0, and Certified Asterisk through 13.21-cert3. A pointer dereference in chan_sip while handling SDP negotiation allows an attacker to crash Asterisk when handling an SDP answer to an outgoing T.38 re-invite. To exploit this vulnerability an attacker must cause the chan_sip module to send a T.38 re-invite request to them. Upon receipt, the attacker must send an SDP answer containing both a T.38 UDPTL stream and another media stream containing only a codec (which is not permitted according to the chan_sip configuration).

Action-Not Available
Vendor-n/aDebian GNU/LinuxDigium, Inc.
Product-certified_asteriskasteriskdebian_linuxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-26906
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.81% / 74.03%
||
7 Day CHG~0.00%
Published-18 Feb, 2021 | 19:50
Updated-03 Aug, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through 16.8-cert5. An SDP negotiation vulnerability in PJSIP allows a remote server to potentially crash Asterisk by sending specific SIP responses that cause an SDP negotiation failure.

Action-Not Available
Vendor-n/aDigium, Inc.
Product-certified_asteriskasteriskn/a
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2025-14953
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-2.3||LOW
EPSS-0.09% / 25.01%
||
7 Day CHG+0.01%
Published-19 Dec, 2025 | 16:02
Updated-24 Feb, 2026 | 06:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open5GS FAR-ID handler.c ogs_pfcp_handle_create_pdr null pointer dereference

A flaw has been found in Open5GS up to 2.7.5. This impacts the function ogs_pfcp_handle_create_pdr in the library lib/pfcp/handler.c of the component FAR-ID Handler. Executing a manipulation can lead to null pointer dereference. The attack may be performed from remote. The attack requires a high level of complexity. The exploitability is said to be difficult. The exploit has been published and may be used. This patch is called 93a9fd98a8baa94289be3b982028201de4534e32. It is advisable to implement a patch to correct this issue.

Action-Not Available
Vendor-open5gsn/a
Product-open5gsOpen5GS
CWE ID-CWE-404
Improper Resource Shutdown or Release
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-61795
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-5.3||MEDIUM
EPSS-0.19% / 40.61%
||
7 Day CHG+0.06%
Published-27 Oct, 2025 | 17:30
Updated-14 Nov, 2025 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Tomcat: Delayed cleaning of multi-part upload temporary files may lead to DoS

Improper Resource Shutdown or Release vulnerability in Apache Tomcat. If an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete. Depending on JVM settings, application memory usage and application load, it was possible that space for the temporary copies of uploaded parts would be filled faster than GC cleared it, leading to a DoS. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.11, from 10.1.0-M1 through 10.1.46, from 9.0.0.M1 through 9.0.109. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.12 or later, 10.1.47 or later or 9.0.110 or later which fixes the issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-tomcatApache Tomcat
CWE ID-CWE-404
Improper Resource Shutdown or Release
Details not found