Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/asterisk@1:16.15.0~dfsg-1?distro=sid
Typedeb
Namespacedebian
Nameasterisk
Version1:16.15.0~dfsg-1
Qualifiers
distro sid
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version1:16.15.1~dfsg-1
Latest_non_vulnerable_version1:22.9.0+dfsg+~cs6.16.60671434-1
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-gkcp-1zz6-tfb5
vulnerability_id VCID-gkcp-1zz6-tfb5
summary A res_pjsip_session crash was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1. and Certified Asterisk before 16.8-cert5. Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced. This caused a gap between the creation of the dialog object, and its next use by the thread that created it. Depending on some off-nominal circumstances and timing, it was possible for another thread to free said dialog in this gap. Asterisk could then crash when the dialog object, or any of its dependent objects, were dereferenced or accessed next by the initial-creation thread. Note, however, that this crash can only occur when using a connection-oriented protocol (e.g., TCP or TLS, but not UDP) for SIP transport. Also, the remote client must be authenticated, or Asterisk must be configured for anonymous calling.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-28327
reference_id
reference_type
scores
0
value 0.02764
scoring_system epss
scoring_elements 0.85963
published_at 2026-04-01T12:55:00Z
1
value 0.02764
scoring_system epss
scoring_elements 0.85974
published_at 2026-04-02T12:55:00Z
2
value 0.02764
scoring_system epss
scoring_elements 0.8599
published_at 2026-04-04T12:55:00Z
3
value 0.02764
scoring_system epss
scoring_elements 0.85989
published_at 2026-04-07T12:55:00Z
4
value 0.02764
scoring_system epss
scoring_elements 0.86008
published_at 2026-04-08T12:55:00Z
5
value 0.02764
scoring_system epss
scoring_elements 0.86018
published_at 2026-04-09T12:55:00Z
6
value 0.02764
scoring_system epss
scoring_elements 0.86032
published_at 2026-04-11T12:55:00Z
7
value 0.02764
scoring_system epss
scoring_elements 0.8603
published_at 2026-04-12T12:55:00Z
8
value 0.02764
scoring_system epss
scoring_elements 0.86026
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-28327
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28327
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28327
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=974712
reference_id 974712
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=974712
fixed_packages
0
url pkg:deb/debian/asterisk@1:16.15.0~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:16.15.0~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.15.0~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-r54j-ydjm-4uca
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1%3Fdistro=sid
3
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2020-28327
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gkcp-1zz6-tfb5
1
url VCID-tyh4-14zn-63ez
vulnerability_id VCID-tyh4-14zn-63ez
summary An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Certified Asterisk before 16.8-cert5. If Asterisk is challenged on an outbound INVITE and the nonce is changed in each response, Asterisk will continually send INVITEs in a loop. This causes Asterisk to consume more and more memory since the transaction will never terminate (even if the call is hung up), ultimately leading to a restart or shutdown of Asterisk. Outbound authentication must be configured on the endpoint for this to occur.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-28242
reference_id
reference_type
scores
0
value 0.00407
scoring_system epss
scoring_elements 0.61018
published_at 2026-04-01T12:55:00Z
1
value 0.00407
scoring_system epss
scoring_elements 0.61095
published_at 2026-04-02T12:55:00Z
2
value 0.00407
scoring_system epss
scoring_elements 0.61124
published_at 2026-04-04T12:55:00Z
3
value 0.00407
scoring_system epss
scoring_elements 0.61089
published_at 2026-04-07T12:55:00Z
4
value 0.00407
scoring_system epss
scoring_elements 0.61138
published_at 2026-04-08T12:55:00Z
5
value 0.00407
scoring_system epss
scoring_elements 0.61153
published_at 2026-04-09T12:55:00Z
6
value 0.00407
scoring_system epss
scoring_elements 0.61174
published_at 2026-04-11T12:55:00Z
7
value 0.00407
scoring_system epss
scoring_elements 0.6116
published_at 2026-04-12T12:55:00Z
8
value 0.00407
scoring_system epss
scoring_elements 0.61141
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-28242
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28242
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28242
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=974713
reference_id 974713
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=974713
fixed_packages
0
url pkg:deb/debian/asterisk@1:16.15.0~dfsg-1?distro=sid
purl pkg:deb/debian/asterisk@1:16.15.0~dfsg-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.15.0~dfsg-1%3Fdistro=sid
1
url pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
purl pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%2Bdeb11u4?distro=sid
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-r54j-ydjm-4uca
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.28.0~dfsg-0%252Bdeb11u4%3Fdistro=sid
2
url pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.8.2%2Bdfsg%2B~cs6.15.60671435-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.8.2%252Bdfsg%252B~cs6.15.60671435-1%3Fdistro=sid
3
url pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
purl pkg:deb/debian/asterisk@1:22.9.0%2Bdfsg%2B~cs6.16.60671434-1?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:22.9.0%252Bdfsg%252B~cs6.16.60671434-1%3Fdistro=sid
aliases CVE-2020-28242
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tyh4-14zn-63ez
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/asterisk@1:16.15.0~dfsg-1%3Fdistro=sid