← Back

CVE-2020-28242

nvd nist
Published: Nov 6, 2020Modified: Nov 21, 2024

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 / Impact: 3.6
Source: NVD

Description

An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Certified Asterisk before 16.8-cert5. If Asterisk is challenged on an outbound INVITE and the nonce is changed in each response, Asterisk will continually send INVITEs in a loop. This causes Asterisk to consume more and more memory since the transaction will never terminate (even if the call is hung up), ultimately leading to a restart or shutdown of Asterisk. Outbound authentication must be configured on the endpoint for this to occur.

Affected (7)

Show all products
Asterisk: Certified Asterisk · Sangoma: Asterisk · Fedoraproject: Fedora · Debian: Debian Linux
Asterisk
1 product
Certified Asterisk
Sangoma
1 product
Asterisk
Fedoraproject
1 product
Fedora
Debian
1 product
Debian Linux
Configuration A
5 vulnerable
Vulnerable SoftwareAffected Versions
Certified Asterisk
Up to 16.8.0
Sangoma
Asterisk
From 13.0 to 13.37.1
Asterisk
From 16.0 to 16.14.1
Asterisk
From 17.0 to 17.8.1
Asterisk
From 18.0 to 18.0.1
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Fedora
Version 33
Configuration C
1 vulnerable
Vulnerable SoftwareAffected Versions
Debian Linux
Version 9.0

Related CWEs

CWE-674
Uncontrolled Recursion
The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.

References (6)

Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.