FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

asterisk -- Remote crash in res_pjsip_diversion

Affected packages
13.38.1 <= asterisk13 < 13.38.2
16.15.1 <= asterisk16 < 16.16.1
18.1.1 <= asterisk18 < 18.2.1

Details

VuXML ID b330db5f-7225-11eb-8386-001999f8d30b
Discovery 2021-01-04
Entry 2021-02-18

The Asterisk project reports:

If a registered user is tricked into dialing a malicious number that sends lots of 181 responses to Asterisk, each one will cause a 181 to be sent back to the original caller with an increasing number of entries in the "Supported" header. Eventually the number of entries in the header exceeds the size of the entry array and causes a crash.
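
The failure mode described in the report, as an added C example that is not Asterisk or FreeBSD code: a simplified model of a fixed-size header entry array, with the unchecked append beside a bounded one. The struct, the function names, the capacity of 32 and the "opt-tag" value are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#define MAX_ENTRIES 32  /* assumed capacity; the advisory gives no number */

/* Simplified model of a header that keeps its values in a fixed array. */
struct supported_hdr {
    size_t count;
    const char *values[MAX_ENTRIES];
};

/* Unchecked append, modelled: -1 marks where values[MAX_ENTRIES] would be written. */
static int append_unchecked_model(struct supported_hdr *h, const char *v)
{
    if (h->count == MAX_ENTRIES)
        return -1;              /* reported here instead of corrupting memory */
    h->values[h->count++] = v;
    return 0;
}

/* Hardened append: skip duplicates, refuse when the array is full. */
static int append_checked(struct supported_hdr *h, const char *v)
{
    for (size_t i = 0; i < h->count; i++)
        if (strcmp(h->values[i], v) == 0)
            return 0;           /* already listed, nothing to add */
    if (h->count >= MAX_ENTRIES)
        return -1;              /* full: drop the entry, do not overflow */
    h->values[h->count++] = v;
    return 1;
}

/* Pass n constructed 181 responses through one header; -1 means overflow attempt. */
static int process_181s(int n, int hardened)
{
    struct supported_hdr h = { 0 };
    for (int i = 0; i < n; i++) {
        int rc = hardened ? append_checked(&h, "opt-tag")   /* constructed value */
                          : append_unchecked_model(&h, "opt-tag");
        if (rc < 0)
            return -1;
    }
    return (int)h.count;        /* entries in the header after n responses */
}

int main(void)
{
    printf("unchecked, 33 responses: %d; checked, 1000 responses: %d\n",
           process_181s(33, 0), process_181s(1000, 1));
    return 0;
}
```

In the model the unchecked path reaches the end of the array on the 33rd response, while the checked path stays at one entry no matter how many responses arrive.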

References

CVE Name CVE-2020-35776
URL https://downloads.asterisk.org/pub/security/AST-2021-001.html