CVSS: 5.3EPSS: 2%CPEs: 16EXPL: 1CVE-2020-28327
https://notcve.org/view.php?id=CVE-2020-28327
06 Nov 2020 — A res_pjsip_session crash was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1. and Certified Asterisk before 16.8-cert5. Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced. This caused a gap between the creation of the dialog object, and its next use by the thread that created it. Depending on some off-nominal circumstances and timing, it was possible for another thread to free said dialog i... • http://downloads.asterisk.org/pub/security/AST-2020-001.html • CWE-404: Improper Resource Shutdown or Release •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-28242
https://notcve.org/view.php?id=CVE-2020-28242
06 Nov 2020 — An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Certified Asterisk before 16.8-cert5. If Asterisk is challenged on an outbound INVITE and the nonce is changed in each response, Asterisk will continually send INVITEs in a loop. This causes Asterisk to consume more and more memory since the transaction will never terminate (even if the call is hung up), ultimately leading to a restart or shutdown of Asterisk. Outbound aut... • http://downloads.asterisk.org/pub/security/AST-2020-002.html • CWE-674: Uncontrolled Recursion •
CVSS: 7.5EPSS: 3%CPEs: 50EXPL: 0CVE-2017-9372 – Debian Security Advisory 3933-1
https://notcve.org/view.php?id=CVE-2017-9372
02 Jun 2017 — PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (buffer overflow and application crash) via a SIP packet with a crafted CSeq header in conjunction with a Via header that lacks a branch parameter. PJSIP, tal como es usado en Asterisk Open Source versiones 13.x y anteriores a 13.15.1 y versiones 14.x y anteriores a 14.4.1, Certified Asterisk versión 13.13 y a... • http://downloads.asterisk.org/pub/security/AST-2017-002.txt • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 50EXPL: 0CVE-2017-9358
https://notcve.org/view.php?id=CVE-2017-9358
02 Jun 2017 — A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop). Existe una vulnerabilidad de agotamiento de memoria en Asterisk Open Source, en versiones 13.x anteriores a la 13.15.1 y versiones 14.x anteriores a la 14.4.1, y en Certified Asterisk, en versiones... • http://downloads.asterisk.org/pub/security/AST-2017-004.txt • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 0%CPEs: 42EXPL: 0CVE-2017-9359 – Debian Security Advisory 3933-1
https://notcve.org/view.php?id=CVE-2017-9359
02 Jun 2017 — The multi-part body parser in PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. El analizador multi-part body en PJSIP, tal como es usado en Asterisk Open Source versiones 13.x y anteriores a 13.15.1 y versiones 14.x y anteriores a 14.4.1, Certified Asterisk versión 13.13 y anteriores a 13.13-ce... • http://downloads.asterisk.org/pub/security/AST-2017-003.txt • CWE-125: Out-of-bounds Read •