CVE-2020-28327
Vulnerability from cvelistv5
Published
2020-11-06 18:08
Modified
2024-08-04 16:33
Severity ?
EPSS score ?
Summary
A res_pjsip_session crash was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1. and Certified Asterisk before 16.8-cert5. Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced. This caused a gap between the creation of the dialog object, and its next use by the thread that created it. Depending on some off-nominal circumstances and timing, it was possible for another thread to free said dialog in this gap. Asterisk could then crash when the dialog object, or any of its dependent objects, were dereferenced or accessed next by the initial-creation thread. Note, however, that this crash can only occur when using a connection-oriented protocol (e.g., TCP or TLS, but not UDP) for SIP transport. Also, the remote client must be authenticated, or Asterisk must be configured for anonymous calling.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://downloads.asterisk.org/pub/security/AST-2020-001.html | Patch, Vendor Advisory | |
| cve@mitre.org | https://issues.asterisk.org/jira/browse/ASTERISK-29057 | Exploit, Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://downloads.asterisk.org/pub/security/AST-2020-001.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://issues.asterisk.org/jira/browse/ASTERISK-29057 | Exploit, Issue Tracking, Vendor Advisory |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:33:58.306Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2020-001.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29057"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A res_pjsip_session crash was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1. and Certified Asterisk before 16.8-cert5. Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced. This caused a gap between the creation of the dialog object, and its next use by the thread that created it. Depending on some off-nominal circumstances and timing, it was possible for another thread to free said dialog in this gap. Asterisk could then crash when the dialog object, or any of its dependent objects, were dereferenced or accessed next by the initial-creation thread. Note, however, that this crash can only occur when using a connection-oriented protocol (e.g., TCP or TLS, but not UDP) for SIP transport. Also, the remote client must be authenticated, or Asterisk must be configured for anonymous calling."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-10T15:31:17",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://downloads.asterisk.org/pub/security/AST-2020-001.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29057"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-28327",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A res_pjsip_session crash was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1. and Certified Asterisk before 16.8-cert5. Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced. This caused a gap between the creation of the dialog object, and its next use by the thread that created it. Depending on some off-nominal circumstances and timing, it was possible for another thread to free said dialog in this gap. Asterisk could then crash when the dialog object, or any of its dependent objects, were dereferenced or accessed next by the initial-creation thread. Note, however, that this crash can only occur when using a connection-oriented protocol (e.g., TCP or TLS, but not UDP) for SIP transport. Also, the remote client must be authenticated, or Asterisk must be configured for anonymous calling."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://downloads.asterisk.org/pub/security/AST-2020-001.html",
"refsource": "MISC",
"url": "http://downloads.asterisk.org/pub/security/AST-2020-001.html"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-29057",
"refsource": "MISC",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-29057"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-28327",
"datePublished": "2020-11-06T18:08:07",
"dateReserved": "2020-11-06T00:00:00",
"dateUpdated": "2024-08-04T16:33:58.306Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2020-28327\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2020-11-06T19:15:14.080\",\"lastModified\":\"2024-11-21T05:22:33.987\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A res_pjsip_session crash was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1. and Certified Asterisk before 16.8-cert5. Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced. This caused a gap between the creation of the dialog object, and its next use by the thread that created it. Depending on some off-nominal circumstances and timing, it was possible for another thread to free said dialog in this gap. Asterisk could then crash when the dialog object, or any of its dependent objects, were dereferenced or accessed next by the initial-creation thread. Note, however, that this crash can only occur when using a connection-oriented protocol (e.g., TCP or TLS, but not UDP) for SIP transport. Also, the remote client must be authenticated, or Asterisk must be configured for anonymous calling.\"},{\"lang\":\"es\",\"value\":\"Se detect\u00f3 un bloqueo de res_pjsip_session en Asterisk Open Source versiones 13.x anteriores a 13.37.1, versiones 16.x anteriores a 16.14.1, versiones 17.x anteriores a 17.8.1 y versiones 18.x anteriores a 18.0.1.\u0026#xa0;y Certified Asterisk anteriores a 16.8-cert5.\u0026#xa0;Tras recibir una nueva invitaci\u00f3n SIP, Asterisk no devolvi\u00f3 el cuadro de di\u00e1logo dise\u00f1ado bloqueado o referenciado.\u0026#xa0;Esto provoc\u00f3 una brecha entre la creaci\u00f3n del objeto de di\u00e1logo y su pr\u00f3ximo uso por parte del subproceso que lo cre\u00f3.\u0026#xa0;Dependiendo de algunas circunstancias y tiempos fuera de lo nominal, fue posible que otro subproceso liberara dicho cuadro de di\u00e1logo en este espacio.\u0026#xa0;Asterisk podr\u00eda bloquearse cuando el objeto de di\u00e1logo, o cualquiera de sus objetos dependientes, fueran desreferenciados o accedidos a continuaci\u00f3n por el subproceso de creaci\u00f3n inicial.\u0026#xa0;Sin embargo, tome en cuenta que este bloqueo solo puede ocurrir cuando se usa un protocolo orientado a la conexi\u00f3n (por ejemplo, TCP o TLS, pero no UDP) para el transporte SIP.\u0026#xa0;Adem\u00e1s, el cliente remoto debe estar autenticado, o Asterisk debe estar configurado para llamadas an\u00f3nimas\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:S/C:N/I:N/A:P\",\"baseScore\":2.1,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-404\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:certified_asterisk:16.8:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"81C3E390-8B99-4EB8-82DD-02893611209A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"17DB2297-1908-4F87-8046-2BAA74569D71\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"CEA2CC40-C2F6-4828-82F0-1B50D3E61F77\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"32F19F43-C1E8-4B6C-9356-AF355B7320BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"21D1FA32-B441-485F-8AE9-F3A394626909\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:certified_asterisk:16.8:cert2:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7795CCF-B160-4B4F-9529-1192C11D7FDB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:certified_asterisk:16.8:cert3:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C5E5D0D-9EB3-40FD-8B7E-E93A95D07AB1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:certified_asterisk:16.8:cert4:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7DFDA30-DD61-4BBC-AFE4-448BF2A4F303\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"142F1F89-49AC-4A0B-A273-61F697063A5A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"53041795-788C-4914-A2F6-41539ABE0244\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"FBB98E65-B2D0-49A4-8BF3-12155E3E13C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"769C854C-03CD-40A9-B39B-C0CDCA8252EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0.0\",\"versionEndExcluding\":\"13.37.1\",\"matchCriteriaId\":\"19F2741E-7FB6-4817-B44C-57502EF9BE45\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.0.0\",\"versionEndExcluding\":\"16.14.1\",\"matchCriteriaId\":\"DFEF5146-78E5-4391-A789-89E03492FC71\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.0.0\",\"versionEndExcluding\":\"17.8.1\",\"matchCriteriaId\":\"EABD6FC4-4053-4925-895B-D539336B47DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"18.0.0\",\"versionEndExcluding\":\"18.0.1\",\"matchCriteriaId\":\"338F78D3-1BE4-4876-9E79-1CE45EB28A00\"}]}]}],\"references\":[{\"url\":\"http://downloads.asterisk.org/pub/security/AST-2020-001.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://issues.asterisk.org/jira/browse/ASTERISK-29057\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"http://downloads.asterisk.org/pub/security/AST-2020-001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://issues.asterisk.org/jira/browse/ASTERISK-29057\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Vendor Advisory\"]}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.