VDB

CVE-2020-35652

CVE-2020-35652 PUBLISHED

An issue was discovered in res_pjsip_diversion.c in Sangoma Asterisk before 13.38.0, 14.x through 16.x before 16.15.0, 17.x before 17.9.0, and 18.x before 18.1.0. A crash can occur when a SIP message is received with a History-Info header that contains a tel-uri, or when a SIP 181 response is received that contains a tel-uri in the Diversion header.

EPSS 0.16% · 36.6th percentile

Risk Scores

EPSS Score
0.16%
36.6th percentile

Affected Products

VendorProductVersions
Ubuntu:Pro:16.04:LTSasterisk0, 1:13.1.0~dfsg-1.1ubuntu3, 1:13.1.0~dfsg-1.1ubuntu4
Ubuntu:24.04:LTSasterisk1:20.6.0~dfsg+~cs6.13.40431414-2build3, 0, 1:20.6.0~dfsg+~cs6.13.40431414-2build5
Ubuntu:25.10asterisk*, 1:22.5.2~dfsg+~cs6.15.60671435-1, 1:22.4.1~dfsg+~cs6.15.60671435-2
Ubuntu:22.04:LTSasterisk*, 0, 1:16.16.1~dfsg-4
Ubuntu:20.04:LTSasterisk1:16.2.1~dfsg-2build2, 1:16.2.1~dfsg-2build3, *
Ubuntu:18.04:LTSasterisk1:13.18.3~dfsg-1ubuntu2, 1:13.18.3~dfsg-1ubuntu1, 1:13.18.1~dfsg-1ubuntu1

Timeline

  • Jan 29, 2021 CVE Published
  • Apr 14, 2021 EPSS Score
  • Jun 22, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Oct 25, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Feb 27, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • May 1, 2022 EPSS Score
  • Jul 2, 2022 EPSS Score
  • Sep 4, 2022 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›