Search for vulnerabilities
Vulnerability details: VCID-fz52-bs6c-aaas
Vulnerability ID VCID-fz52-bs6c-aaas
Aliases CVE-2020-28327
Summary A res_pjsip_session crash was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1. and Certified Asterisk before 16.8-cert5. Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced. This caused a gap between the creation of the dialog object, and its next use by the thread that created it. Depending on some off-nominal circumstances and timing, it was possible for another thread to free said dialog in this gap. Asterisk could then crash when the dialog object, or any of its dependent objects, were dereferenced or accessed next by the initial-creation thread. Note, however, that this crash can only occur when using a connection-oriented protocol (e.g., TCP or TLS, but not UDP) for SIP transport. Also, the remote client must be authenticated, or Asterisk must be configured for anonymous calling.
Status Published
Exploitability 0.5
Weighted Severity 4.8
Risk 2.4
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-404 Improper Resource Shutdown or Release
System Score Found at
epss 0.00088 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.00088 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.00088 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.00088 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.00088 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.00088 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.00088 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.00088 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.00088 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.00088 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.00088 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.00088 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.00889 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.00889 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.00889 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.00889 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.02764 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.02764 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.02764 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.02764 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.02764 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.02764 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.02764 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.02764 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.02764 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.02764 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.02764 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.02764 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.02764 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.02764 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.02764 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.02764 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.02764 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.02764 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.02764 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.02764 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.02764 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.02764 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.02764 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.02764 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.02764 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.02764 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.02764 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.02764 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.02764 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.02764 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.02764 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.02764 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.02764 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.02764 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.02764 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.02764 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.02764 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.02764 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.02764 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.02764 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.02764 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.02764 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.02764 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.02764 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.02764 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.02764 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.02764 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.02764 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.02764 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.02764 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.02764 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.02764 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.02764 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.02764 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.02764 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.02764 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.02764 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.02764 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.02764 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.02764 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.02764 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.02764 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.02764 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.02764 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.02764 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
epss 0.06696 https://api.first.org/data/v1/epss?cve=CVE-2020-28327
cvssv2 2.1 https://nvd.nist.gov/vuln/detail/CVE-2020-28327
cvssv3 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-28327
cvssv3.1 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-28327
Reference id Reference type URL
http://downloads.asterisk.org/pub/security/AST-2020-001.html
https://api.first.org/data/v1/epss?cve=CVE-2020-28327
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28327
https://issues.asterisk.org/jira/browse/ASTERISK-29057
974712 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=974712
cpe:2.3:a:asterisk:open_source:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:asterisk:open_source:*:*:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:16.8:-:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:certified_asterisk:16.8:-:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc1:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc2:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc3:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:certified_asterisk:16.8:cert1-rc4:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:16.8:cert2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:certified_asterisk:16.8:cert2:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:16.8:cert3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:certified_asterisk:16.8:cert3:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:16.8:cert4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:certified_asterisk:16.8:cert4:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc1:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc2:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc3:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:digium:certified_asterisk:16.8:cert4-rc4:*:*:*:*:*:*
cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*
CVE-2020-28327 https://nvd.nist.gov/vuln/detail/CVE-2020-28327
No exploits are available.
Vector: AV:N/AC:H/Au:S/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2020-28327
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2020-28327
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2020-28327
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.38352
EPSS Score 0.00088
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.