FreeBSDB330DB5F-7225-11EB-8386-001999F8D30Basterisk -- Remote crash in res_pjsip_diversion
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
0.008 Low
EPSS
Percentile
82.1%
The Asterisk project reports:
If a registered user is tricked into dialing a malicious
number that sends lots of 181 responses to Asterisk, each
one will cause a 181 to be sent back to the original
caller with an increasing number of entries in the
“Supported” header. Eventually the number of entries in
the header exceeds the size of the entry array and causes
a crash.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| FreeBSD | any | noarch | asterisk13 | = 13.38.1 | UNKNOWN |
| FreeBSD | any | noarch | asterisk13 | < 13.38.2 | UNKNOWN |
| FreeBSD | any | noarch | asterisk16 | = 16.15.1 | UNKNOWN |
| FreeBSD | any | noarch | asterisk16 | < 16.16.1 | UNKNOWN |
| FreeBSD | any | noarch | asterisk18 | = 18.1.1 | UNKNOWN |
| FreeBSD | any | noarch | asterisk18 | < 18.2.1 | UNKNOWN |
Related
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
0.008 Low
EPSS
Percentile
82.1%